CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32980 – jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin
https://notcve.org/view.php?id=CVE-2023-32980
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to make another user stop watching an attacker-specified job. An attacker can perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(2) https://access.redhat.com/security/cve/CVE-2023-32980 https://bugzilla.redhat.com/show_bug.cgi?id=2207833 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32979 – jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin
https://notcve.org/view.php?id=CVE-2023-32979
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin could allow a remote, authenticated attacker to obtain sensitive information caused by improper permission validation. By sending a specially crafted request, an attacker can check for the existence of files in the email-templates/ directory and use this information to launch further attacks against the affected system. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1) https://access.redhat.com/security/cve/CVE-2023-32979 https://bugzilla.redhat.com/show_bug.cgi?id=2207831 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25765
https://notcve.org/view.php?id=CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2939 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25763
https://notcve.org/view.php?id=CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2931 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25764
https://notcve.org/view.php?id=CVE-2023-25764
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. • http://www.openwall.com/lists/oss-security/2023/02/15/4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •