
90 matches found

CVE
added 2025/07/09 3:39 p.m. · 23 views

CVE-2025-53651

CVE-2025-53651 affects the Jenkins HTML Publisher Plugin, 425 and earlier. The issue arises because log messages include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller filesystem in build logs. The Connected ...

CVSS 6.3 · AI score 6.2 · EPSS 0.01314
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/07/09 3:39 p.m. · 7 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

EPSS 0.01314
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/09 12:0 a.m. · 4 views

PT-2025-28903 · Jenkins · Jenkins Html Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions prior to 426
Description: The Jenkins HTML Publisher Plugin versions prior to 426 displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step,...

CVSS 6.5 · AI score 5.8 · EPSS 0.01314
Exploits: 0 · References: 11
CNNVD
added 2025/07/09 12:0 a.m. · 4 views

Jenkins plugin HTML Publisher security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 6.3 · AI score 6 · EPSS 0.01314
Exploits: 0 · References: 2
RedHat Linux
added 2024/07/17 6:49 p.m. · 4 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

CVSS 6.5 · AI score 5.6 · EPSS 0.00133
Exploits: 0 · References: 5
RedHat Linux
added 2024/06/05 2:47 p.m. · 3 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

CVSS 6.5 · AI score 5.6 · EPSS 0.00133
Exploits: 0 · References: 5
RedHat Linux
added 2024/06/05 2:47 p.m. · 3 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

CVSS 6.5 · AI score 5.6 · EPSS 0.00133
Exploits: 0 · References: 5
RedHat Linux
added 2024/06/05 2:46 p.m. · 3 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

CVSS 6.5 · AI score 5.6 · EPSS 0.00133
Exploits: 0 · References: 5
RedHat Linux
added 2024/06/05 2:46 p.m. · 40 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 7.3 · EPSS 0.5636
Exploits: 4 · References: 9
BDU FSTEC
added 2024/03/15 12:0 a.m. · 1 views

The vulnerability of the Jenkins HTML Publisher plugin, which exists due to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks and determine whether a path to the Jenkins controller’s file system exists.

The vulnerability of the Jenkins HTML Publisher plugin exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and determine whether there is a path to the Jenkins controller’...

CVSS 9 · AI score 6.6 · EPSS 0.00133
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/03/15 12:0 a.m. · 2 views

The vulnerability of the Jenkins HTML Publisher plugin, which exists due to the lack of measures taken to protect the structure of web pages, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Jenkins HTML Publisher plugin exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 9 · AI score 5.2 · EPSS 0.00176
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/03/15 12:0 a.m. · 2 views

The vulnerability of the Jenkins HTML Publisher plugin relates to incorrect restrictions on the path to the restricted catalog, allowing attackers to read arbitrary files.

The vulnerability of the Jenkins HTML Publisher plugin is related to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created HTTP request...

CVSS 4.3 · AI score 5.6 · EPSS 0.00209
Exploits: 0 · References: 4 · Affected Software: 1
Veracode
added 2024/03/12 10:6 a.m. · 24 views

Path Traversal

Jenkins HTML Publisher Plugin is vulnerable to Path Traversal. The vulnerability is caused due to insufficient restrictions on the FOLLOWSYMLINKS variable within HtmlPublisher.java. The lack of finalization and the ability to change this variable via script during runtime allows attackers with...

CVSS 4.3 · AI score 6.4 · EPSS 0.00209
Exploits: 0 · References: 4 · Affected Software: 1
Veracode
added 2024/03/12 7:3 a.m. · 25 views

Cross Site Scripting (XSS)

Jenkins HTML Publisher Plugin is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input sanitization, allowing attackers with Item/Configure permission to execute XSS attacks and determine the existence of paths on the Jenkins controller file system...

CVSS 6.5 · AI score 5.6 · EPSS 0.00133
Exploits: 0 · References: 4 · Affected Software: 1
RedhatCVE
added 2024/03/06 6:46 p.m. · 22 views

CVE-2024-28150

A flaw was found in jenkins-2-plugins. The HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame. This issue may result in a stored cross-site scripting XSS vulnerability that is exploitable by attackers with...

CVSS 4.7 · AI score 5.1 · EPSS 0.00176
Exploits: 0 · References: 4
RedhatCVE
added 2024/03/06 6:46 p.m. · 14 views

CVE-2024-28151

A flaw was found in jenkins-2-plugins. The HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller. Attackers with Item/Configure permission can use them to determine whether a path on the Jenkins controller file...

CVSS 4.3 · AI score 6.1 · EPSS 0.00209
Exploits: 0 · References: 4
RedhatCVE
added 2024/03/06 6:46 p.m. · 30 views

CVE-2024-28149

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

CVSS 8 · AI score 5.1 · EPSS 0.00133
Exploits: 0 · References: 4
OSV
added 2024/03/06 6:30 p.m. · 22 views

GHSA-8VCG-V7G4-3VR7 Jenkins HTML Publisher Plugin does not properly sanitize input

Jenkins HTML Publisher Plugin 1.16 through 1.32 both inclusive does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting XSS attacks and to determine whether a path on the Jenkins controller file system exists...

CVSS 8 · AI score 7 · EPSS 0.00133
Exploits: 0 · References: 5
Github Security Blog
added 2024/03/06 6:30 p.m. · 26 views

Jenkins HTML Publisher Plugin Path traversal vulnerability

Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...

CVSS 4.3 · AI score 6.4 · EPSS 0.00209
Exploits: 0 · References: 5 · Affected Software: 1
Github Security Blog
added 2024/03/06 6:30 p.m. · 30 views

Jenkins HTML Publisher Plugin does not properly sanitize input

Jenkins HTML Publisher Plugin 1.16 through 1.32 both inclusive does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting XSS attacks and to determine whether a path on the Jenkins controller file system exists...

CVSS 6.5 · AI score 5.4 · EPSS 0.00133
Exploits: 0 · References: 5 · Affected Software: 1