Mailer Jenkins Mailer

stack.watch can notify you when security vulnerabilities are reported in Jenkins Mailer. You can add multiple products that you use with Mailer to create your own personal software stack watcher.

By the Year

In 2020 there has been 1 vulnerability in Jenkins Mailer, with an average score of 4.8 out of ten. Last year Mailer had 0 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2020 than in all of last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2020 | 1               | 4.80          |
| 2019 | 0               | 0.00          |
| 2018 | 1               | 8.00          |

It may take a day or so for new Mailer vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Jenkins Mailer Security Vulnerabilities

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CVE-2020-2252 4.8 - Medium - September 16, 2020

CVE-2020-2252 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be small for confidentiality and integrity, with no impact on availability.

Improper Certificate Validation

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111

CVE-2018-8718 8 - High - March 27, 2018

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

CVE-2018-8718 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

352