The vulnerability of the Jenkins continuous integration server’s HTML plugin arises from incorrect path name restrictions for the catalog directory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server plugin is related to an incorrect restriction on the path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...