A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a38c1bcf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_cloud_native_core_automated_test_suite",
"extracted_events": [
{
"introduced": "1.9.0"
},
{
"last_affected": "1.9.0"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:jenkins:mailer:*:*:*:*:*:jenkins:*:*",
"cpe:2.3:a:jenkins:mailer:391.ve4a_38c1b_cf4b_:-:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.34.2"
},
{
"introduced": "391.ve4a_38c1b_cf4b_-NA"
},
{
"last_affected": "391.ve4a_38c1b_cf4b_-NA"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}