CVE-2024-28151
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3 · EPSS 0.9% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
06 Mar 2024 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Jenkins Project · Jenkins HTML Publisher Plugin