Critical severityNVD Advisory· Published Feb 15, 2023· Updated Mar 19, 2025
CVE-2023-25765
CVE-2023-25765
Description
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:email-extMaven | < 2.94 | 2.94 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-c9c2-wcxh-3w5jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-25765ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/02/15/4ghsamailing-listWEB
- github.com/jenkinsci/email-ext-plugin/commit/ffe44a4c1c1830325787d7ef5e9e19ebf9a936f9ghsaWEB
- www.jenkins.io/security/advisory/2023-02-15/ghsaWEB
News mentions
1- Jenkins Security Advisory 2023-02-15Jenkins Security Advisories · Feb 15, 2023