CVE-2017-2651

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-2651

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2651.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-2651

Aliases

GHSA-9v72-p5p3-9w65

Published

2018-07-27T18:29:01Z

Modified

2024-09-03T01:49:38.289719Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.

References

Affected packages

Git / github.com/jenkinsci/mailer-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/mailer-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0db7a879958f65d369b2d7d621665d98ffd1a1cf

Affected versions

mailer-1.*

mailer-1.0

mailer-1.1

mailer-1.10

mailer-1.11

mailer-1.12

mailer-1.12-beta-1

mailer-1.13

mailer-1.14

mailer-1.15

mailer-1.16

mailer-1.17

mailer-1.18

mailer-1.19

mailer-1.2

mailer-1.3

mailer-1.4

mailer-1.5

mailer-1.6

mailer-1.7

mailer-1.8

mailer-1.9