CVE-2022-20613
- EPSS 0.09%
- Veröffentlicht 12.01.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:43:09
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
CVE-2022-20614
- EPSS 2.21%
- Veröffentlicht 12.01.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:43:09
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
CVE-2020-2252
- EPSS 0.04%
- Veröffentlicht 16.09.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:25:05
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2017-2651
- EPSS 0.03%
- Veröffentlicht 27.07.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 03:23:54
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people...
- EPSS 0.78%
- Veröffentlicht 27.03.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:12
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.