28 matches found
EUVD-2022-2778
Malicious code in bioql PyPI...
EUVD-2022-0457
Malicious code in bioql PyPI...
EUVD-2022-3449
Malicious code in bioql PyPI...
EUVD-2022-0518
Malicious code in bioql PyPI...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +125 more potentially affected by CVE-2018-8718 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.20)
org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-8718 Source advisory: OSV:GHSA-6G57-H38C-Q52G...
Cross-Site Request Forgery in Jenkins Mailer Plugin
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
GHSA-6G57-H38C-Q52G Cross-Site Request Forgery in Jenkins Mailer Plugin
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
GHSA-9V72-P5P3-9W65 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in ra...
CVE-2022-20613
A cross-site request forgery (CSRF) vulnerability was found in the Jenkins Mailer plugin. The form validation method does not require POST requests...
GHSA-85RQ-HP8X-GHJQ Cross-Site Request Forgery in Jenkins Mailer Plugin
Jenkins Mailer Plugin prior to 408.vd726a1130320 and 1.34.2 does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. Additionally, this form...
CVE-2022-20613
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
CVE-2022-20613
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
CVE-2022-20614
A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
PT-2022-14823 · Jenkins · Jenkins Mailer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mailer Plugin versions 391.ve4a38c1bcf4b and earlier; Jenkins Mailer Plugin versions prior to 408.vd726a1130320 and 1.34.2. Description: A missing permission check in the Jenkins Mailer Plugin allows attackers with Overall/Read acces...
Jenkins Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site request forgery vulnerability exists in Jenkins Mailer that stems from the software's lack of validation f...
CVE-2022-20614
A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
CVE-2022-20613
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
CVE-2022-20614
A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...
jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server...