Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2024-03-06T17:01:55.535Z
Updated: 2024-08-02T00:48:49.387Z
Reserved: 2024-03-05T19:29:05.204Z
Link: CVE-2024-28151
Vulnrichment
Updated: 2024-08-02T00:48:49.387Z
NVD
Status : Awaiting Analysis
Published: 2024-03-06T17:15:10.570
Modified: 2024-05-01T18:15:16.783
Link: CVE-2024-28151
Redhat