Описание
Jenkins Email Extension Plugin missing permission check
Jenkins Email Extension Plugin 2.96 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
This form validation method requires the appropriate permission in Email Extension Plugin 2.96.1.
Пакеты
org.jenkins-ci.plugins:email-ext
< 2.96.1
2.96.1
Связанные уязвимости
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.