Jenkins Mailer

Do you want an email whenever new security vulnerabilities are reported in Jenkins Mailer?

By the Year

In 2023 there have been 0 vulnerabilities in Jenkins Mailer . Last year Mailer had 2 security vulnerabilities published. Right now, Mailer is on track to have less security vulnerabilities in 2023 than it did last year.

Year	Vulnerabilities	Average Score
2023	0	0.00
2022	2	4.30
2021	0	0.00
2020	1	4.80
2019	0	0.00
2018	1	8.00

It may take a day or so for new Mailer vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Mailer Security Vulnerabilities

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier

CVE-2022-20614 4.3 - Medium - January 12, 2022

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

AuthZ

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier

CVE-2022-20613 4.3 - Medium - January 12, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Session Riding

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CVE-2020-2252 4.8 - Medium - September 16, 2020

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

Improper Certificate Validation

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111

CVE-2018-8718 8 - High - March 27, 2018

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Session Riding

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Mailer or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Mailer
Product

By the Year

Recent Jenkins Mailer Security Vulnerabilities

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier CVE-2022-20614 4.3 - Medium - January 12, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier CVE-2022-20613 4.3 - Medium - January 12, 2022

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. CVE-2020-2252 4.8 - Medium - September 16, 2020

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 CVE-2018-8718 8 - High - March 27, 2018