Jenkins Mailer
By the Year
In 2020 there have been 1 vulnerability in Jenkins Mailer with an average score of 4.8 out of ten. Last year Mailer had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 1 | 4.80 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 8.00 |
It may take a day or so for new Mailer vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Jenkins Mailer Security Vulnerabilities
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2020-2252
4.8 - Medium
- September 16, 2020
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2020-2252 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Certificate Validation
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111
CVE-2018-8718
8 - High
- March 27, 2018
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
CVE-2018-8718 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
352