A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-12
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
CVSS Score
4.3
EPSS Score
0.022
Published
2022-01-12
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVSS Score
4.8
EPSS Score
0.0
Published
2020-09-16
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
CVSS Score
8.0
EPSS Score
0.008
Published
2018-03-27