Lucene search
JenkinsCVELIST:CVE-2024-28151HistoryMar 06, 2024 - 5:01 p.m.
CVE-2024-28151
2024-03-0617:01:55
jenkins
www.cve.org
cve-2024-28151
jenkins
html publisher plugin
symbolic links
file system exposure
security vulnerability
item/configure permission
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins HTML Publisher Plugin",
"versions": [
{
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "1.32",
"status": "affected"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-28151
2024-03-06 17:15:10
redhatcve
redhatcve
CVE-2024-28151
2024-03-06 18:46:43
veracode
veracode
Path Traversal
2024-03-12 10:06:02
osv
osv
Jenkins HTML Publisher Plugin Path traversal vulnerability
2024-03-06 18:30:38
prion
prion
Design/Logic Flaw
2024-03-06 17:15:00
cve
cve
CVE-2024-28151
2024-03-06 17:15:10
github
github
Jenkins HTML Publisher Plugin Path traversal vulnerability
2024-03-06 18:30:38
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-03-06)
2024-03-07 00:00:00