A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified...
4.3CVSS
4.7AI Score
0.002EPSS
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified...
4.3CVSS
4.5AI Score
0.001EPSS
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP...
4.8CVSS
4.8AI Score
0.001EPSS
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in...
3.7CVSS
3.9AI Score
0.001EPSS
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The...
4.3CVSS
4.6AI Score
0.001EPSS