Lucene search

K
cvelistJenkinsCVELIST:CVE-2022-20614
HistoryJan 12, 2022 - 12:00 a.m.

CVE-2022-20614

2022-01-1200:00:00
jenkins
www.cve.org
1

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

CNA Affected

[
  {
    "product": "Jenkins Mailer Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "unaffected",
        "version": "1.34.2"
      },
      {
        "lessThanOrEqual": "391.ve4a_38c1b_cf4b_",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%