Jenkins Mailer
By the Year
In 2025 there have been 0 vulnerabilities in Jenkins Mailer. Mailer did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 2 | 4.30 |
2021 | 0 | 0.00 |
2020 | 1 | 4.80 |
2019 | 0 | 0.00 |
2018 | 1 | 8.00 |
It may take a day or so for new Mailer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Mailer Security Vulnerabilities
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier
CVE-2022-20614
4.3 - Medium
- January 12, 2022
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier
CVE-2022-20613
4.3 - Medium
- January 12, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Session Riding
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2020-2252
4.8 - Medium
- September 16, 2020
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
Improper Certificate Validation
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111
CVE-2018-8718
8 - High
- March 27, 2018
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Session Riding
