Jenkins Mailer
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Mailer . Last year Mailer had 2 security vulnerabilities published. Right now, Mailer is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 2 | 4.30 |
2021 | 0 | 0.00 |
2020 | 1 | 4.80 |
2019 | 0 | 0.00 |
2018 | 1 | 8.00 |
It may take a day or so for new Mailer vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Mailer Security Vulnerabilities
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier
CVE-2022-20614
4.3 - Medium
- January 12, 2022
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier
CVE-2022-20613
4.3 - Medium
- January 12, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Session Riding
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2020-2252
4.8 - Medium
- September 16, 2020
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
Improper Certificate Validation
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111
CVE-2018-8718
8 - High
- March 27, 2018
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Mailer or by Jenkins? Click the Watch button to subscribe.
