Vulnerabilities > Jenkins > Mailer > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-20613 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-352
4.3
2022-01-12 CVE-2022-20614 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-862
4.3
2020-09-16 CVE-2020-2252 Improper Certificate Validation vulnerability in Jenkins Mailer
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
network
high complexity
jenkins CWE-295
4.8