CVE-2024-28149
published 2024-03-06CVE-2024-28149: Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLINAL
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | appspider_plugin | — | — |
| jenkins | bitbucket_branch_source_plugin | — | — |
| jenkins | build_monitor_view_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | gitbucket_plugin | — | — |
| jenkins | html_publisher | >= 1.16 < 1.32.1 | 1.32.1 |
| jenkins | html_publisher_plugin | — | — |
| jenkins | improper_input_sanitization_in_html_publisher_plugin | — | — |
| jenkins | mq_notifier_plugin | — | — |
| jenkins | owasp_dependency-check_plugin | — | — |
| jenkins | subversion_partial_release_manager_plugin | — | — |
| jenkins | tls_certificate_validation_in_delphix_plugin | — | — |
| jenkins_project | jenkins_html_publisher_plugin | 1.16 – 1.32 | — |