CVE-2024-28151

Name of the Vulnerable Software and Affected Versions Jenkins HTML Publisher Plugin versions 1.32 and earlier

Description The issue is related to the incorrect restriction of the directory path name with limited access. Exploitation may allow a remote attacker to read arbitrary files using a specially crafted HTTP request. Attackers with Item/Configure permission can determine whether a path on the Jenkins controller file system exists, without being able to access it.

Recommendations For Jenkins HTML Publisher Plugin versions 1.32 and earlier, update to a version later than 1.32 to resolve the issue. At the moment, there is no information about other specific fixes for this issue.