CVE-2018-8718

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-8718

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8718.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-8718

Aliases

GHSA-6g57-h38c-q52g

Published

2018-03-27T16:29:00Z

Modified

2024-09-03T02:08:29.074797Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

References

Affected packages

Git / github.com/jenkinsci/mailer-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/mailer-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0db7a879958f65d369b2d7d621665d98ffd1a1cf

Affected versions

mailer-1.*

mailer-1.0

mailer-1.1

mailer-1.10

mailer-1.11

mailer-1.12

mailer-1.12-beta-1

mailer-1.13

mailer-1.14

mailer-1.15

mailer-1.16

mailer-1.17

mailer-1.18

mailer-1.19

mailer-1.2

mailer-1.20

mailer-1.3

mailer-1.4

mailer-1.5

mailer-1.6

mailer-1.7

mailer-1.8

mailer-1.9