Jenkins Html Publisher
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Jenkins Html Publisher.
By the Year
In 2025 there have been 1 vulnerability in Jenkins Html Publisher with an average score of 6.3 out of ten. Last year, in 2024 Html Publisher had 3 security vulnerabilities published. Right now, Html Publisher is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 6.30 |
| 2024 | 3 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 5.40 |
| 2018 | 1 | 6.50 |
It may take a day or so for new Html Publisher vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Html Publisher Security Vulnerabilities
CVE-2025-53651: Jenkins HTML Publisher Plugin Log Path Disclosure
CVE-2025-53651
6.3 - Medium
- July 09, 2025
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log.
Absolute Path Traversal
Jenkins HTML Publisher Plugin <1.32: Symlink path disclosure (CVE-2024-28151)
CVE-2024-28151
- March 06, 2024
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
Stored XSS in Jenkins HTML Publisher Plugin <1.32 via unescaped titles
CVE-2024-28150
- March 06, 2024
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins HTML Publisher Plugin 1.16-1.32 XSS via unsanitized input
CVE-2024-28149
- March 06, 2024
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame
CVE-2019-10432
5.4 - Medium
- October 01, 2019
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
XSS
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java
CVE-2018-1000175
6.5 - Medium
- May 08, 2018
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Html Publisher or by Jenkins? Click the Watch button to subscribe.
