{"id":"CVE-2025-53651","details":"Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log.","aliases":["GHSA-367v-5ppj-2hrx"],"modified":"2026-04-10T05:30:55.047714Z","published":"2025-07-09T16:15:24.513Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/07/09/4"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3547"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/htmlpublisher-plugin","events":[{"introduced":"0"},{"fixed":"1323e9b8df2a8d132f72f7409350243714184e10"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"427"}]}}],"versions":["424.va_e57f1253461","htmlpublisher-0.5","htmlpublisher-0.6","htmlpublisher-0.7","htmlpublisher-0.8","htmlpublisher-1.0","htmlpublisher-1.1","htmlpublisher-1.10","htmlpublisher-1.11","htmlpublisher-1.12","htmlpublisher-1.13","htmlpublisher-1.14","htmlpublisher-1.15","htmlpublisher-1.16","htmlpublisher-1.17","htmlpublisher-1.18","htmlpublisher-1.19","htmlpublisher-1.2","htmlpublisher-1.20","htmlpublisher-1.21","htmlpublisher-1.22","htmlpublisher-1.22-beta-1","htmlpublisher-1.23","htmlpublisher-1.24","htmlpublisher-1.25","htmlpublisher-1.26","htmlpublisher-1.27","htmlpublisher-1.28","htmlpublisher-1.29","htmlpublisher-1.3","htmlpublisher-1.30","htmlpublisher-1.31","htmlpublisher-1.32","htmlpublisher-1.33","htmlpublisher-1.34","htmlpublisher-1.35","htmlpublisher-1.36","htmlpublisher-1.37","htmlpublisher-1.4","htmlpublisher-1.5","htmlpublisher-1.6","htmlpublisher-1.7","htmlpublisher-1.8","htmlpublisher-1.9","htmlpublisher-425"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53651.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}