1. Home
  2. Vulnerabilities
  3. CVE-2018-1000175

CVE-2018-1000175

CVSS v3.0 6.5 (Medium)
65% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.06 % (27th)
0.06% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-05-08 15:29:00
(6 years ago)
Updated Date
2018-06-13 15:02:49
(6 years ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Html Publisher for Jenkins 1.15 and prior versions cpe:2.3:a:jenkins:html_publisher::*:*:*:*:jenkins <= 1.15