Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2024-03-06T17:01:53.259Z
Updated: 2024-08-02T00:48:48.971Z
Reserved: 2024-03-05T19:29:05.204Z
Link: CVE-2024-28149
Vulnrichment
Updated: 2024-08-02T00:48:48.971Z
NVD
Status : Awaiting Analysis
Published: 2024-03-06T17:15:10.450
Modified: 2024-05-01T18:15:16.697
Link: CVE-2024-28149
Redhat