Описание
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
A flaw was found in jenkins-2-plugins. The HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller. Attackers with Item/Configure permission can use them to determine whether a path on the Jenkins controller file system exists, without being able to access it.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Out of support scope |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
Jenkins HTML Publisher Plugin Path traversal vulnerability
Уязвимость плагина Jenkins HTML Publisher, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю читать произвольные файлы
4.3 Medium
CVSS3