Jenkins · Jenkins Mailer Plugin · CVE-2018-8718
**Name of the Vulnerable Software and Affected Versions**

Jenkins Mailer Plugin version 1.20

**Description**

A cross-site request forgery (CSRF) issue exists that allows remote authenticated users to send unauthorized mail as an arbitrary user. It is triggered by a request to the "/descriptorByName/hudson.tasks.Mailer/sendTestMail" API endpoint.

**Recommendations**

To prevent exploitation on Jenkins Mailer Plugin version 1.20, consider disabling the Mailer Plugin until a patch is available. Restrict access to the "/descriptorByName/hudson.tasks.Mailer/sendTestMail" API endpoint to minimize the risk of unauthorized mail being sent.
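
While the plugin remains enabled, access logs can show whether the endpoint is being reached from outside the Jenkins UI. The following is an added example, not part of the original advisory or of Jenkins: it assumes a reverse proxy in front of Jenkins writes combined-format access logs and that the instance is served as `jenkins.example.internal`; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

ENDPOINT = "/descriptorByName/hudson.tasks.Mailer/sendTestMail"  # from the advisory
TRUSTED_HOSTS = {"jenkins.example.internal"}  # assumption: this Jenkins' own hostname

# Combined log format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$')

def safe_split(value):
    """urlsplit that returns None instead of raising on malformed input."""
    try:
        return urlsplit(value)
    except ValueError:
        return None

def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = LINE_RE.match(line.strip())
    target = safe_split(m["target"]) if m else None
    # Jenkins may sit under a context path, so match the endpoint as a suffix.
    if target is None or not target.path.rstrip("/").endswith(ENDPOINT):
        return None
    ref = safe_split(m["referer"])
    host = ref.hostname if ref else None  # "-" or "" yields None
    if host is None:
        verdict = "no-referer"
    elif host in TRUSTED_HOSTS:
        verdict = "same-site"
    else:
        verdict = "cross-site"
    return {"time": m["time"], "ip": m["ip"], "user": m["user"],
            "method": m["method"], "referer_host": host, "verdict": verdict}

def review(lines):
    """Requests to the endpoint that did not originate from a Jenkins page."""
    return [h for h in map(classify, lines) if h and h["verdict"] != "same-site"]

# Constructed sample lines (documentation IP ranges, invented users and sites).
SAMPLE_LOG = [
    '192.0.2.10 - alice [26/Mar/2018:10:01:02 +0000] "POST /descriptorByName/hudson.tasks.Mailer/sendTestMail HTTP/1.1" 200 512 "https://jenkins.example.internal/configure" "Mozilla/5.0"',
    '192.0.2.11 - bob [26/Mar/2018:10:05:40 +0000] "GET /descriptorByName/hudson.tasks.Mailer/sendTestMail?constructed=1 HTTP/1.1" 200 498 "https://forum.example.net/thread/42" "Mozilla/5.0"',
    '192.0.2.12 - carol [26/Mar/2018:10:07:13 +0000] "GET /jenkins/descriptorByName/hudson.tasks.Mailer/sendTestMail HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.10 - alice [26/Mar/2018:10:09:55 +0000] "GET /job/build-app/ HTTP/1.1" 200 9000 "https://jenkins.example.internal/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in review(SAMPLE_LOG):
        print(hit)
```

A "cross-site" verdict is the pattern a forged request leaves; "no-referer" hits need manual review, since browsers and privacy settings can strip the header from legitimate requests as well.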