Vulnerabilities > Jenkins > Email Extension > 2.93.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-32979 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Email Extension Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. | 4.3 |
| 2023-05-16 | CVE-2023-32980 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Email Extension A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. | 4.3 |