Maven package
org.jenkins-ci.plugins/mailer
pkg:maven/org.jenkins-ci.plugins/mailer
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-20614 | — | | | >= 391.ve4a38c1bcf4b, < 408.vd726a | 408.vd726a | Jan 12, 2022 | A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2022-20613 | — | | | >= 391.ve4a38c1bcf4b, < 408.vd726a | 408.vd726a | Jan 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. |
| CVE-2020-2252 | — | | | >= 1.32, < 1.32.1 | 1.32.1 | Sep 16, 2020 | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| CVE-2017-2651 | — | | | < 1.20 | 1.20 | Jul 27, 2018 | jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in J |
| CVE-2018-8718 | — | | | < 1.21 | 1.21 | Mar 27, 2018 | Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. |