Jenkins HTML Publisher Plugin
cpe:2.3:a:jenkins:html_publisher:*:*:*:*:jenkins:*:*
- <= 425
A file path information disclosure vulnerability exists in the Jenkins HTML Publisher Plugin in versions 425 and earlier. The vulnerability arises because the plugin logs absolute paths of files archived during the Publish HTML reports post-build step. This log information can expose details about the Jenkins controller file system, creating a potential security risk.
Exposing absolute file paths in the Jenkins build log can lead to unauthorized disclosure of the Jenkins controller file system structure, potentially helping attackers identify other vulnerabilities or locate sensitive information.
Users of the Jenkins HTML Publisher Plugin should update to version 427, which addresses this vulnerability by modifying the logged file path information to include only the parent directory name.
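For build logs already written before the upgrade, the following added example (not code from the plugin or the Jenkins project) flags lines that contain absolute paths and rewrites each path to its parent directory name. The sample log lines are constructed and do not reproduce the plugin's real message text; reading "parent directory name" as the name of the directory containing the file is an assumption.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Absolute POSIX or Windows-drive paths with at least one directory component.
# The lookbehind skips URLs and relative paths; paths with spaces are not handled.
ABS_PATH = re.compile(
    r"(?<![\w:/.])/(?:[\w.\-]+/)+[\w.\-]+"
    r"|\b[A-Za-z]:\\(?:[\w.\-]+\\)+[\w.\-]+"
)


def parent_dir_name(path: str) -> str:
    """Return only the name of the directory that contains `path` (assumed reading of the fix)."""
    flavour = PureWindowsPath if path[1:3] == ":\\" else PurePosixPath
    return flavour(path).parent.name


def audit(lines):
    """Return (line_number, [absolute paths]) for each log line that exposes one."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = ABS_PATH.findall(line)
        if found:
            hits.append((number, found))
    return hits


def redact(line: str) -> str:
    """Replace every absolute path in a log line with its parent directory name."""
    return ABS_PATH.sub(lambda m: parent_dir_name(m.group(0)), line)


# Constructed sample build log, for illustration only.
SAMPLE_LOG = [
    "Started by user admin",
    "Archiving report file /var/lib/jenkins/workspace/demo/target/site/index.html",
    "Report available at http://ci.example.test/job/demo/HTML_20Report/",
    "Finished: SUCCESS",
]

if __name__ == "__main__":
    for number, paths in audit(SAMPLE_LOG):
        print(f"line {number}: exposes {paths}")
        print(f"  redacted: {redact(SAMPLE_LOG[number - 1])}")
```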