VDB

CISA-2023-32979

CISA-2023-32979 PUBLISHED CVSS 4.3 MEDIUM

Reported by jenkins · Published May 16, 2023

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

Risk Scores

CVSS 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Jenkins ProjectJenkins Email Extension Plugin2.96.1, 2.89.0.2
Jenkins ProjectJenkins Email Extension Plugin2.89.0.2, 2.96.1, 2.96.1

Timeline

  • May 16, 2023 CVE Published
  • Jan 23, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›