CVE-2024-28149

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28149
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28149.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-28149
Aliases
Published
2024-03-06T17:15:10Z
Modified
2025-05-17T14:04:46.570041Z
Downstream
Summary
[none]
Details

Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.

References

Affected packages

Git / github.com/jenkinsci/htmlpublisher-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/htmlpublisher-plugin
Events
Introduced
ba962efdc25b6358ffafb47c056be9b0a1a9b318
Fixed
810e7cb7600cc1142abdbe83a477c10f45a65882

Affected versions

htmlpublisher-1.*

htmlpublisher-1.16
htmlpublisher-1.17
htmlpublisher-1.18
htmlpublisher-1.19
htmlpublisher-1.20
htmlpublisher-1.21
htmlpublisher-1.22
htmlpublisher-1.22-beta-1
htmlpublisher-1.23
htmlpublisher-1.24
htmlpublisher-1.25
htmlpublisher-1.26
htmlpublisher-1.27
htmlpublisher-1.28
htmlpublisher-1.29
htmlpublisher-1.30
htmlpublisher-1.31
htmlpublisher-1.32