CVE-2023-25764

Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Plugin versions 2.93 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering. This makes it exploitable by attackers who can create or change custom email templates.

Recommendations For Jenkins Email Extension Plugin versions 2.93 and earlier, update to a version later than 2.93 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.