Описание
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.96 (включая)
cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 4.3
redhat
больше 2 лет назад
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
CVSS3: 4.3
github
больше 2 лет назад
Jenkins Email Extension Plugin missing permission check
EPSS
Процентиль: 27%
0.00098
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732