106 matches found
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...
CVE-2023-32980
A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...
CVE-2023-32980
A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job...
CVE-2023-32980
CVE-2023-32980 describes a CSRF vulnerability in the Jenkins Email Extension Plugin that allows an attacker to stop watching a job on behalf of another user. Affected component: Jenkins Email Extension Plugin (plugin versions 2.96 and earlier). Root cause: CSRF flaw enabling unauthorized state-ch...
CVE-2023-32979
Summary : CVE-2023-32979 affects the Jenkins Email Extension Plugin; a permission check is missing in a form-validation method, enabling attackers with Overall/Read to probe for the existence of files under the Jenkins home directory (email-templates/). This is supported by the NVD entry and corr...
Jenkins Plugin Email Extension 跨站请求伪造漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins Plugin Email Extension. An attacker could exploit the vulnerability to allow...
PT-2023-24113 · Jenkins · Jenkins Email Extension Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.96 and earlier Description: A cross-site request forgery CSRF vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. This issue...
GHSA-C9C2-WCXH-3W5J Sandbox escape in Jenkins Email Extension Plugin
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
Sandbox escape in Jenkins Email Extension Plugin
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control affected fields...
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control affected fields...
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...
CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...
Cross site scripting
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...
Code injection
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
SUSE CVE-2018-1000176
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's w...
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or change custom email...