A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.

Affected Packages

Maven org.jenkins-ci.plugins:htmlresource

Affected versions: 0 (last affected: 1.02)

Related CVEs

CVE-2023-50774

Key Information

GHSA ID

GHSA-7ccg-jm7j-4f8v

Published

December 13, 2023 6:31 PM

Last Modified

December 18, 2023 6:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:htmlresource

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.