PT-2019-8728 · Jenkins · Jenkins Email Extension Template Plugin+1

Daniel Beck

Published

2019-01-09

Updated

2022-05-14

CVE-2018-1000417

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Template Plugin version 1.0 and earlier

Description A cross-site request forgery issue exists in the ExtEmailTemplateManagement.java file, allowing unauthorized creation or removal of templates.

Recommendations For Jenkins Email Extension Template Plugin version 1.0 and earlier, consider disabling the ExtEmailTemplateManagement.java functionality until a patch is available to prevent unauthorized template creation or removal.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-1000417

GHSA-4M38-GQH8-X266

Affected Products

Jenkins

Jenkins Email Extension Template Plugin

PT-2019-8728 · Jenkins · Jenkins Email Extension Template Plugin+1

CVE-2018-1000417

Weakness Enumeration

Related Identifiers

Affected Products

References · 6