Lucene search
Veracode Vulnerability DatabaseVERACODE:45846HistoryMar 12, 2024 - 10:06 a.m.
Path Traversal
2024-03-1210:06:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
jenkins
html publisher plugin
path traversal
insufficient restrictions
follow_symlinks
htmlpublisher.java
symbolic links
item/configure permission
manipulate
Jenkins HTML Publisher Plugin is vulnerable to Path Traversal. The vulnerability is caused due to insufficient restrictions on the FOLLOW_SYMLINKS variable within HtmlPublisher.java. The lack of finalization and the ability to change this variable via script during runtime allows attackers with Item/Configure permission to manipulate symbolic links, resulting in Path Traversal.
Related
nvd
nvd
CVE-2024-28151
2024-03-06 17:15:10
prion
prion
Design/Logic Flaw
2024-03-06 17:15:00
osv
osv
Jenkins HTML Publisher Plugin Path traversal vulnerability
2024-03-06 18:30:38
cve
cve
CVE-2024-28151
2024-03-06 17:15:10
github
github
Jenkins HTML Publisher Plugin Path traversal vulnerability
2024-03-06 18:30:38
redhatcve
redhatcve
CVE-2024-28151
2024-03-06 18:46:43
cvelist
cvelist
CVE-2024-28151
2024-03-06 17:01:55
vulnrichment
vulnrichment
CVE-2024-28151
2024-03-06 17:01:55
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-03-06)
2024-03-07 00:00:00