Vulnerability Details CVE-2018-1000175
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2018-1000175
-
cpe:2.3:a:jenkins:html_publisher:0.1.0
-
cpe:2.3:a:jenkins:html_publisher:0.2.0
-
cpe:2.3:a:jenkins:html_publisher:0.2.1
-
cpe:2.3:a:jenkins:html_publisher:0.2.2
-
cpe:2.3:a:jenkins:html_publisher:0.3
-
cpe:2.3:a:jenkins:html_publisher:0.4
-
cpe:2.3:a:jenkins:html_publisher:0.5
-
cpe:2.3:a:jenkins:html_publisher:0.6
-
cpe:2.3:a:jenkins:html_publisher:0.7
-
cpe:2.3:a:jenkins:html_publisher:0.8
-
cpe:2.3:a:jenkins:html_publisher:1.0
-
cpe:2.3:a:jenkins:html_publisher:1.1
-
cpe:2.3:a:jenkins:html_publisher:1.10
-
cpe:2.3:a:jenkins:html_publisher:1.11
-
cpe:2.3:a:jenkins:html_publisher:1.12
-
cpe:2.3:a:jenkins:html_publisher:1.13
-
cpe:2.3:a:jenkins:html_publisher:1.14
-
cpe:2.3:a:jenkins:html_publisher:1.15
-
cpe:2.3:a:jenkins:html_publisher:1.2
-
cpe:2.3:a:jenkins:html_publisher:1.3
-
cpe:2.3:a:jenkins:html_publisher:1.4
-
cpe:2.3:a:jenkins:html_publisher:1.5
-
cpe:2.3:a:jenkins:html_publisher:1.6
-
cpe:2.3:a:jenkins:html_publisher:1.7
-
cpe:2.3:a:jenkins:html_publisher:1.8
-
cpe:2.3:a:jenkins:html_publisher:1.9