Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mailer Security Vulnerabilities

cve
cve

CVE-2017-2651

jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare...

3.7CVSS

3.9AI Score

0.001EPSS

2018-07-27 06:29 PM
46
cve
cve

CVE-2018-8718

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

8CVSS

7.5AI Score

0.008EPSS

2018-03-27 04:29 PM
59
cve
cve

CVE-2020-2252

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

4.8CVSS

4.8AI Score

0.001EPSS

2020-09-16 02:15 PM
54
cve
cve

CVE-2022-20613

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

4.3CVSS

4.7AI Score

0.002EPSS

2022-01-12 08:15 PM
91
4
cve
cve

CVE-2022-20614

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

4.3CVSS

4.5AI Score

0.001EPSS

2022-01-12 08:15 PM
96
4