A missing permissions verification vulnerability was found in the Jenkins Mailer plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.