VYPR
High severity · NVD Advisory · Published Jan 9, 2019 · Updated Aug 5, 2024

CVE-2018-1000417

Description

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site request forgery vulnerability in Jenkins Email Extension Template Plugin 1.0 and earlier allows creating or removing email templates.

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in Jenkins Email Extension Template Plugin version 1.0 and earlier in ExtEmailTemplateManagement.java [1]. The plugin allowed creating or removing email templates via endpoints that did not require POST requests, enabling CSRF attacks.

Exploitation

An attacker can exploit this vulnerability by tricking an authenticated Jenkins administrator into clicking a malicious link or visiting a crafted web page [1]. The forged request will perform template creation or removal on behalf of the victim, without their knowledge or consent.

Impact

Successful exploitation allows an attacker to create or remove email templates [2]. This can lead to unauthorized modification of email notifications or denial of service by deleting essential templates. No privileges beyond those of the victim are obtained.

Mitigation

The vulnerability is fixed in the plugin source by adding the @RequirePOST annotation to the doRemoveTemplate and doSaveTemplate methods, and updating forms to use POST requests [3]. Users should upgrade to a version beyond 1.0 or apply the commit from the project repository. No workaround is available for unpatched versions.
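To make the two halves of the fix concrete, here is an added, generic model of the pattern the Vulnerability and Mitigation sections describe: a state-changing handler that accepted any HTTP method is restricted to POST (the equivalent of @RequirePOST) and additionally checks a per-session anti-CSRF token (the equivalent of a Jenkins crumb). This is illustration written for this page in Python, not the plugin's Java or Stapler code; the Request, TemplateStore and crumb names, and the sample templates, are constructed for the example.

```python
"""Generic model of the CSRF fix pattern in this advisory (added example, not
Jenkins/Stapler code): method restriction plus a per-session token."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    params: dict
    session_id: str


@dataclass
class Response:
    status: int
    body: str = ""


@dataclass
class TemplateStore:
    templates: dict = field(default_factory=dict)   # template id -> name
    crumbs: dict = field(default_factory=dict)      # session id -> issued token

    def issue_crumb(self, session_id: str) -> str:
        """Issue a random per-session token that a same-origin page embeds in
        its form; a cross-site page cannot read it, so a forged request lacks it."""
        crumb = secrets.token_hex(16)
        self.crumbs[session_id] = crumb
        return crumb

    def remove_template_unpatched(self, req: Request) -> Response:
        """Before the fix: any method, no token. A plain link such as
        removeTemplate?id=X loaded from another site succeeds with the
        victim's session."""
        self.templates.pop(req.params.get("id"), None)
        return Response(302, "index")

    def remove_template_patched(self, req: Request) -> Response:
        """After the fix: reject non-POST (the @RequirePOST equivalent), then
        reject a POST whose token does not match the session's issued one."""
        if req.method != "POST":
            return Response(405, "POST required")
        expected = self.crumbs.get(req.session_id)
        supplied = req.params.get("crumb", "")
        # constant-time comparison; both values are ASCII hex strings here
        if expected is None or not hmac.compare_digest(expected, supplied):
            return Response(403, "invalid or missing crumb")
        self.templates.pop(req.params.get("id"), None)
        return Response(302, "index")


def demo() -> dict:
    """Run the same forged request against both handlers and return
    (status, remaining template ids) for each case."""
    results = {}
    sample = {"t1": "Build failed", "t2": "Build fixed"}   # constructed data

    store = TemplateStore(templates=dict(sample))
    forged_get = Request("GET", {"id": "t1"}, session_id="admin-session")
    resp = store.remove_template_unpatched(forged_get)
    results["unpatched_get"] = (resp.status, sorted(store.templates))

    store = TemplateStore(templates=dict(sample))
    crumb = store.issue_crumb("admin-session")
    resp = store.remove_template_patched(forged_get)
    results["patched_get"] = (resp.status, sorted(store.templates))

    forged_post = Request("POST", {"id": "t1"}, session_id="admin-session")
    resp = store.remove_template_patched(forged_post)
    results["patched_post_no_crumb"] = (resp.status, sorted(store.templates))

    legit = Request("POST", {"id": "t1", "crumb": crumb}, session_id="admin-session")
    resp = store.remove_template_patched(legit)
    results["patched_post_with_crumb"] = (resp.status, sorted(store.templates))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: status={outcome[0]} remaining={outcome[1]}")
```

The model shows why the annotation alone is only the first layer: forcing POST defeats the link-based vector the Exploitation section describes, while the token check is what stops a forged cross-site form submission, which is why the patched page has to include the token in the form it now posts.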

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                    Affected versions   Patched versions
org.jenkins-ci.plugins:email-ext (Maven)   < 1.11.1            (not listed)

Affected products: 2

Patches: 1

74653060cef7 [SECURITY-1125]

2 files changed · +13 −7
  • src/main/java/org/jenkinsci/plugins/emailext_template/ExtEmailTemplateManagement.java +4 −1 modified
    @@ -13,6 +13,7 @@
     import org.kohsuke.stapler.QueryParameter;
    
     import org.kohsuke.stapler.StaplerRequest;
    
     import org.kohsuke.stapler.StaplerResponse;
    
    +import org.kohsuke.stapler.interceptor.RequirePOST;
    
     
    
     
    
     @Extension
    
    @@ -93,13 +94,15 @@ public void doEditTemplate(StaplerRequest req, StaplerResponse rsp, @QueryParame
          * @return forward to 'index'
    
          * @throws IOException
    
          */
    
    +    @RequirePOST
    
         public HttpResponse doRemoveTemplate(StaplerRequest res, StaplerResponse rsp, @QueryParameter("id") String templateId) throws IOException {
    
             checkPermission(Jenkins.ADMINISTER);
    
             ExtendedEmailTemplatePublisher.DescriptorImpl descriptor = getPublisherDescriptor();
    
             descriptor.removeTemplateById(templateId);
    
             return new HttpRedirect("index");
    
         }
    
    -    
    
    +
    
    +    @RequirePOST
    
         public HttpResponse doSaveTemplate(StaplerRequest req) {
    
             checkPermission(Jenkins.ADMINISTER);
    
             try {
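Review bot: @RequirePOST is added to doRemoveTemplate and doSaveTemplate, but the hunk header shows doEditTemplate immediately above left unannotated; that is correct only if it merely renders the edit form without changing state, and is worth confirming since the description covers creating as well as removing templates. The annotation by itself only rejects non-POST requests, which closes the GET-link vector; protection against a forged cross-site POST still depends on the CSRF crumb being present in the forms that now target these two methods, and this diff changes only the remove form, so verify that the form submitting to doSaveTemplate already posts with the crumb or it will start failing. Minor: the StaplerRequest parameter of doRemoveTemplate is named `res` while doSaveTemplate uses `req`; renaming it avoids confusion with `rsp`.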
    
    
  • src/main/resources/org/jenkinsci/plugins/emailext_template/ExtEmailTemplateManagement/index.groovy +9 −6 modified
    @@ -46,9 +46,12 @@ l.layout(permission:app.ADMINISTER, norefresh: true) {
                 a(href:"editTemplate?id=${t.id}") {
    
                   img(width:"16", height:"16", title:_("Edit template")+" "+t.name, src:"${imagesURL}/16x16/document_edit.gif")
    
                 }
    
    -            a(href:"removeTemplate?id=${t.id}", onclick:"return emailexttemplate_confirmDelete('${t.name}')") {
    
    +            a(href:"removeTemplate?id=${t.id}", onclick:"return emailexttemplate_confirmDelete('${t.name}', '${t.id}')") {
    
                   img(width:"16", height:"16", title:_("Remove template")+" "+t.name, src:"${imagesURL}/16x16/edit-delete.gif")
    
                 }
    
    +            form(method: "post", action: "removeTemplate", id:"removeForm") {
    
    +              input(type: "hidden", "name": "id", id:"removeId")
    
    +            }
    
               }
    
               td {
    
                 b(t.name)
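Review bot: the new `form(method: "post", action: "removeTemplate", id:"removeForm")` and its hidden `input(... id:"removeId")` are emitted inside the per-template block (the surrounding `a(href:"editTemplate?id=${t.id}")` uses `t`), so a page with several templates renders several elements sharing the same id; `document.getElementById` in the script hunk then always resolves to the first form, which happens to work because the value is set on that same first form, but duplicate ids are invalid HTML and fragile. Suggest rendering the form once outside the loop, or giving each a unique id such as `removeForm-${t.id}`. The anchor also keeps `href:"removeTemplate?id=${t.id}"`; with JavaScript disabled the click falls back to a GET, which the annotated method now rejects, so `href:"#"` would avoid a confusing error page. Style: `"name": "id"` quotes the key while the neighbouring attributes do not.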
    
    @@ -61,12 +64,12 @@ l.layout(permission:app.ADMINISTER, norefresh: true) {
           }
    
         }
    
         
    
    -    script("function emailexttemplate_confirmDelete(name) {\n" +
    
    +    script("function emailexttemplate_confirmDelete(name, id) {\n" +
    
             "if (confirm(\"Are you sure you want to delete [\"+name+\"]?\")) {\n" +
    
    -        "    return true;\n" +
    
    -        "}else{\n" +
    
    -        "    return false;\n" +
    
    +            "document.getElementById('removeId').value = id;\n" +
    
    +            "document.getElementById('removeForm').submit();\n" +
    
             "}\n" +
    
    -        "}\n")  
    
    +        "return false;\n" +
    
    +        "}\n")
    
       }
    
     }
    \ No newline at end of file
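Review bot: the rewritten `emailexttemplate_confirmDelete(name, id)` returns false on both paths, so the anchor's GET navigation is suppressed whether or not the user confirms and the deletion only happens through the POST form; that is the right behaviour. The template name and id are still interpolated unescaped into the inline `onclick` string (`'${t.name}'`, `'${t.id}'` in the previous hunk), so a name containing a single quote would break the handler; escaping the values for JavaScript, or passing the id through a data attribute instead of string concatenation, would be more robust. Also the file now ends without a trailing newline.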
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 5

News mentions: 0

No linked articles in our index yet.