Jenkins HTML Publisher Plugin is vulnerable to Path Traversal. The vulnerability is caused by insufficient restrictions on the FOLLOW_SYMLINKS variable within HtmlPublisher.java. Because the variable is not declared final and can be changed via script during runtime, attackers with Item/Configure permission can manipulate symbolic links, resulting in Path Traversal.
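
The following Java sketch is an added illustration, not the plugin's own code or its actual fix. It shows a symlink-follow flag declared `final` and a check that refuses to publish symbolic links found in a report directory. The class name, the method names `allowed` and `rejected`, and the sample files are hypothetical and constructed for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Stream;

// Added illustration, not the plugin's code; class and method names are hypothetical.
public class ReportSymlinkCheck {
    // final: the value is fixed at class load and cannot be reassigned by a script at runtime.
    private static final boolean FOLLOW_SYMLINKS = false;

    // An entry may be published if it is not a symlink, or if following is
    // enabled and the link resolves to a location inside the report directory.
    static boolean allowed(Path entry, Path base) {
        if (!Files.isSymbolicLink(entry)) return true;
        if (!FOLLOW_SYMLINKS) return false;
        try {
            return entry.toRealPath().startsWith(base);
        } catch (IOException e) {   // dangling link or link loop
            return false;
        }
    }

    // Returns every entry under reportDir that must not be published.
    static List<Path> rejected(Path reportDir) throws IOException {
        Path base = reportDir.toRealPath();
        List<Path> out = new ArrayList<>();
        // Files.walk does not follow symlinks unless FOLLOW_LINKS is passed.
        try (Stream<Path> walk = Files.walk(base)) {
            for (Path p : (Iterable<Path>) walk::iterator) {
                if (!allowed(p, base)) out.add(p);
            }
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path root = Files.createTempDirectory("report-demo");
        Path outside = Files.writeString(root.resolve("outside.txt"), "not part of the report");
        Path report = Files.createDirectory(root.resolve("report"));
        Files.writeString(report.resolve("index.html"), "<html></html>");
        Files.createSymbolicLink(report.resolve("link.html"), outside);
        System.out.println(rejected(report));
    }
}
```

With the flag fixed at `false`, the constructed `link.html` is the only entry reported, because it is a symbolic link whose target lies outside the report directory.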