CVE-2025-53651

MEDIUM4.3EPSS 1.3%

Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs

發布日:2025/7/9修改日:2025/11/5

描述

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. HTML Publisher Plugin 427 displays only the parent directory name of files archived during the Publish HTML reports post-build step in its log messages.

受影響套件(1)

Maven/org.jenkins-ci.plugins:htmlpublisherfrom 0, < 427

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-53651
PATCHhttps://github.com/jenkinsci/htmlpublisher-plugin
WEBhttps://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3547
WEBhttp://www.openwall.com/lists/oss-security/2025/07/09/4