PT-2024-2110 · Jenkins · Jenkins Html Publisher Plugin+1

Kevin Guerroudj · Published 2024-03-06 · Updated 2025-05-06 · CVE-2024-28149

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions 1.16 through 1.32

Description: The issue arises from the plugin's failure to properly sanitize input, allowing attackers with Item/Configure permission to carry out cross-site scripting (XSS) attacks. This can also enable attackers to determine whether a specific path exists on the Jenkins controller file system.

Recommendations: For Jenkins HTML Publisher Plugin versions 1.16 through 1.32, update to a version outside of this range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-02006
CVE-2024-28149
GHSA-8VCG-V7G4-3VR7
RHSA-2024:3634
RHSA-2024:3635
RHSA-2024:3636
RHSA-2024:4597

Affected Products

Jenkins
Jenkins Html Publisher Plugin