Bug 2268227 (CVE-2024-28149) - CVE-2024-28149 jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
Summary: CVE-2024-28149 jenkins-2-plugins: Improper input sanitization in HTML Publish...
Keywords:
Status: NEW
Alias: CVE-2024-28149
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2268252
TreeView+ depends on / blocked
 
Reported: 2024-03-06 17:35 UTC by Pedro Sampaio
Modified: 2024-11-30 08:27 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:3634 0 None None None 2024-06-05 14:44:40 UTC
Red Hat Product Errata RHSA-2024:3635 0 None None None 2024-06-05 14:45:14 UTC
Red Hat Product Errata RHSA-2024:3636 0 None None None 2024-06-05 14:44:09 UTC
Red Hat Product Errata RHSA-2024:4597 0 None None None 2024-07-17 18:47:15 UTC

Description Pedro Sampaio 2024-03-06 17:35:34 UTC 
SECURITY-784 / CVE-20218-1000175 is a path traversal vulnerability in HTML Publisher Plugin 1.15 and earlier. The fix for it retained compatibility for older reports as a fallback.

In HTML Publisher Plugin 1.16 through 1.32 (both inclusive) this fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This allows attackers with Item/Configure permission to do the following:

    Implement stored cross-site scripting (XSS) attacks.

    Determine whether a path on the Jenkins controller file system exists, without being able to access it.

HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on disk, but may no longer be accessible through the Jenkins UI.

References:

https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
Comment 4 errata-xmlrpc 2024-06-05 14:44:07 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.13-RHEL-8

Via RHSA-2024:3636 https://access.redhat.com/errata/RHSA-2024:3636
Comment 5 errata-xmlrpc 2024-06-05 14:44:39 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.14-RHEL-8

Via RHSA-2024:3634 https://access.redhat.com/errata/RHSA-2024:3634
Comment 6 errata-xmlrpc 2024-06-05 14:45:12 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.12-RHEL-8

Via RHSA-2024:3635 https://access.redhat.com/errata/RHSA-2024:3635
Comment 7 errata-xmlrpc 2024-07-17 18:47:13 UTC 
This issue has been addressed in the following products:

  OCP-Tools-4.15-RHEL-8

Via RHSA-2024:4597 https://access.redhat.com/errata/RHSA-2024:4597
Note You need to log in before you can comment on or make changes to this bug.