Jenkins Mailer 1.19 for Jenkins

CPE Details

Jenkins Mailer 1.19 for Jenkins
jenkins
mailer
1.19
2019-04-16
11h41 +00:00
2019-04-16
11h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jenkins:mailer:1.19:*:*:*:*:jenkins:*:*

Informations

Vendor

jenkins

Product

mailer

Version

1.19

Target Software

jenkins

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-20613 2022-01-11 23h00 +00:00 A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
4.3
Medium
CVE-2022-20614 2022-01-11 23h00 +00:00 A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
4.3
Medium
CVE-2020-2252 2020-09-16 11h20 +00:00 Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
4.8
Medium
CVE-2017-2651 2018-07-27 16h00 +00:00 jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.
3.7
Low
CVE-2018-8718 2018-03-27 14h00 +00:00 Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
8
High