Vulnerabilities > Jenkins > Mailer

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-20613 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-352
4.3
2022-01-12 CVE-2022-20614 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-862
4.3
2020-09-16 CVE-2020-2252 Improper Certificate Validation vulnerability in Jenkins Mailer
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
network
high complexity
jenkins CWE-295
4.8
2018-07-27 CVE-2017-2651 Information Exposure vulnerability in Jenkins Mailer
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs.
network
high complexity
jenkins CWE-200
3.7
2018-03-27 CVE-2018-8718 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
network
low complexity
jenkins CWE-352
8.0