CVE-2023-25763

Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Plugin versions 2.93 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because various fields included in bundled email templates are not properly escaped, allowing attackers who can control these fields to exploit the vulnerability.

Recommendations For Jenkins Email Extension Plugin versions 2.93 and earlier, update to a version later than 2.93 to resolve the issue. As a temporary workaround, consider restricting access to email templates to minimize the risk of exploitation.