Lucene search
K

106 matches found

Prion
Prion
added 2023/05/16 4:15 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...

4.3CVSS4.8AI score0.00368EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/16 4:0 p.m.7 views

CVE-2023-32980

A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...

6.6AI score0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.34 views

CVE-2023-32980

A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...

5.3AI score0.00368EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 4:0 p.m.102 views

CVE-2023-32980

CVE-2023-32980 describes a CSRF vulnerability in the Jenkins Email Extension Plugin that allows an attacker to stop watching a job on behalf of another user. Affected component: Jenkins Email Extension Plugin (plugin versions 2.96 and earlier). Root cause: CSRF flaw enabling unauthorized state-ch...

4.3CVSS4.4AI score0.00368EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/16 4:0 p.m.95 views

CVE-2023-32979

Summary : CVE-2023-32979 affects the Jenkins Email Extension Plugin; a permission check is missing in a form-validation method, enabling attackers with Overall/Read to probe for the existence of files under the Jenkins home directory (email-templates/). This is supported by the NVD entry and corr...

4.3CVSS4.3AI score0.00503EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.6 views

Jenkins Plugin Email Extension 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins Plugin Email Extension. An attacker could exploit the vulnerability to allow...

4.3CVSS5.1AI score0.00368EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.1 views

PT-2023-24113 · Jenkins · Jenkins Email Extension Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.96 and earlier Description: A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. This issue...

4.3CVSS6.8AI score0.00368EPSS
Exploits0References7
OSV
OSV
added 2023/02/15 3:30 p.m.31 views

GHSA-C9C2-WCXH-3W5J Sandbox escape in Jenkins Email Extension Plugin

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.7AI score0.01095EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/02/15 3:30 p.m.40 views

Sandbox escape in Jenkins Email Extension Plugin

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.4AI score0.01095EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/02/15 2:15 p.m.24 views

CVE-2023-25763

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control affected fields...

5.4CVSS5.3AI score0.00602EPSS
Exploits0References2
OSV
OSV
added 2023/02/15 2:15 p.m.21 views

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.8AI score
Exploits0References2
OSV
OSV
added 2023/02/15 2:15 p.m.18 views

CVE-2023-25763

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control affected fields...

5.4CVSS5.3AI score
Exploits0References2
NVD
NVD
added 2023/02/15 2:15 p.m.44 views

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.7AI score0.01095EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 2:15 p.m.30 views

CVE-2023-25764

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...

5.4CVSS5.3AI score0.00602EPSS
Exploits0References2
OSV
OSV
added 2023/02/15 2:15 p.m.19 views

CVE-2023-25764

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...

5.4CVSS5.4AI score
Exploits0References2
Prion
Prion
added 2023/02/15 2:15 p.m.25 views

Cross site scripting

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...

4.9CVSS5.3AI score0.00602EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/02/15 2:15 p.m.32 views

Code injection

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

6.5CVSS9.7AI score0.01095EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.6 views

SUSE CVE-2018-1000176

An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's w...

6.5CVSS6.3AI score0.00988EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.8 views

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.7AI score0.01095EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.12 views

CVE-2023-25764

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...

5.3AI score0.00602EPSS
Exploits0References2
Rows per page
Query Builder