Lucene search
GoogleOSV:GHSA-558X-H7RG-997VHistoryJan 13, 2022 - 12:01 a.m.
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
2022-01-1300:01:04
Google
osv.dev
12
jenkins
mailer plugin
permission assignment
critical resource
security vulnerability
cross-site request forgery
dns resolution
Jenkins Mailer Plugin prior to 408.vd726a_1130320 and 1.34.2 does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Mailer Plugin 408.vd726a_1130320 and 1.34.2 requires POST requests and Overall/Administer permission for the affected form validation method.
Related
cve
cve
CVE-2022-20614
2022-01-12 20:15:08
redhatcve
redhatcve
CVE-2022-20614
2022-01-24 17:40:24
cvelist
cvelist
CVE-2022-20614
2022-01-12 00:00:00
nvd
nvd
CVE-2022-20614
2022-01-12 20:15:08
github
github
osv
osv
CVE-2022-20614
2022-01-12 20:15:08
cnvd
cnvd
Jenkins Mailer Plugin Permissions and Access Control Issues Vulnerability
2022-01-21 00:00:00
prion
prion
Design/Logic Flaw
2022-01-12 20:15:00
alpinelinux
alpinelinux
CVE-2022-20614
2022-01-12 20:15:08
nessus
nessus
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00