Lucene search
K

CVE-2018-8718

🗓️ 27 Mar 2018 16:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 105 Views🌐 WEB

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user

Related
Detection
Refs
Paths
NVD
Node
jenkinsmailerRange1.20jenkins
ParameterPositionPathDescriptionCWE
charsetquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
sendTestMailToquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
adminAddressquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
smtpPortquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
smtpServerquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
smtpAuthPasswordSecretquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
useSMTPAuthquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
useSslquery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352
smtpAuthUserNamequery param/descriptorByName/hudson.tasks.Mailer/sendTestMailCSRF: Jenkins Mailer Plugin sends test mail via descriptorByName/hudson.tasks.Mailer/sendTestMail with query params, enabling unauthenticated or mis-authenticated actions when CSRF protection is not enforced.CWE-352

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:05Current
7.5High risk
Vulners AI Score7.5
CVSS 26
CVSS 38
EPSS0.06773
105