Moderate severityNVD Advisory· Published Jan 12, 2022· Updated Aug 3, 2024
CVE-2022-20614
CVE-2022-20614
Description
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:mailerMaven | >= 391.ve4a38c1bcf4b, < 408.vd726a | 408.vd726a |
org.jenkins-ci.plugins:mailerMaven | < 1.34.2 | 1.34.2 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-558x-h7rg-997vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-20614ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/01/12/6ghsamailing-listWEB
- github.com/jenkinsci/mailer-plugin/commit/5e6051fae61a43564e22aa89cb24ed8a42a26052ghsaWEB
- www.jenkins.io/security/advisory/2022-01-12/ghsaWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlghsaWEB
News mentions
1- Jenkins Security Advisory 2022-01-12Jenkins Security Advisories · Jan 12, 2022