PT-2018-18596 · Jenkins · Jenkins Mailer Plugin+1

Kl3_Gmjq6

Publicado

2018-03-27

Atualizado

2022-05-14

CVE-2018-8718

CVSS v3.1

8.0

Alta

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Mailer Plugin version 1.20

Description A cross-site request forgery issue exists, allowing remote authenticated users to send unauthorized mail as an arbitrary user. This is achieved via a request to the "/descriptorByName/hudson.tasks.Mailer/sendTestMail" API endpoint.

Recommendations For Jenkins Mailer Plugin version 1.20, consider disabling the Mailer Plugin until a patch is available to prevent exploitation. Restrict access to the "/descriptorByName/hudson.tasks.Mailer/sendTestMail" API endpoint to minimize the risk of unauthorized mail being sent.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-8718

GHSA-6G57-H38C-Q52G

Produtos afetados

Jenkins

Jenkins Mailer Plugin

PT-2018-18596 · Jenkins · Jenkins Mailer Plugin+1

CVE-2018-8718

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8