External Control of File Name or Path
Overview: org.jenkins-ci.plugins:email-ext is a plugin that allows you to configure every aspect of email notifications. Affected versions of this package are vulnerable to External Control of File Name or Path via the data-inline attribute. An attacker can gain control of the email content and re...
CVE-2026-48920
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...
Jenkins Email Extension Plugin Security Vulnerability
The Jenkins Email Extension Plugin is an open-source extension for Jenkins that handles email notifications and build messages. The Jenkins Email Extension Plugin versions 1933.v45cec755423f and earlier contain security vulnerabilities. These vulnerabilities stem from allowing base64-encoded imag...
PT-2026-44013
Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f. Description: The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...
CVE-2018-1000176
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's w...
EUVD-2023-0690
Malicious code in bioql PyPI...
EUVD-2022-2432
Malicious code in bioql PyPI...
EUVD-2022-4028
Malicious code in bioql PyPI...
EUVD-2023-1482
Malicious code in bioql PyPI...
EUVD-2022-5047
Malicious code in bioql PyPI...
EUVD-2023-0746
Malicious code in bioql PyPI...
EUVD-2023-0717
Malicious code in bioql PyPI...
CVE-2020-2253
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server...
jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for...
Improper Validation
Jenkins Email Extension Plugin is vulnerable to Improper Validation. The vulnerability exists due to lack of form validations which allows an attacker to gain read access to the email-templates/ file directory...
CVE-2023-32979
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for...
CVE-2023-32980
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker...
GHSA-2F89-66V2-9P53 Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
Jenkins Email Extension Plugin 2.96 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This allows attackers to make another user stop watching an attacker-specified job. Email Extension Plugin 2.96.1 requires POST reques...
GHSA-6GP4-2F92-J2W5 Jenkins Email Extension Plugin missing permission check
Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller fi...