CVE-2022-20614
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-20614
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-20614.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-20614
- Aliases
- Published
- 2022-01-12T20:15:08Z
- Modified
- 2024-09-03T04:00:21.614374Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
- References
Affected packages
Git / github.com/jenkinsci/mailer-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/mailer-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
mailer-1.*
mailer-1.0
mailer-1.1
mailer-1.10
mailer-1.11
mailer-1.12
mailer-1.12-beta-1
mailer-1.13
mailer-1.14
mailer-1.15
mailer-1.16
mailer-1.17
mailer-1.18
mailer-1.19
mailer-1.2
mailer-1.20
mailer-1.21
mailer-1.22
mailer-1.23
mailer-1.23-beta-1
mailer-1.23-beta-2
mailer-1.24
mailer-1.25
mailer-1.26
mailer-1.27
mailer-1.28
mailer-1.29
mailer-1.3
mailer-1.30
mailer-1.31
mailer-1.32
mailer-1.32.1
mailer-1.33
mailer-1.34
mailer-1.4
mailer-1.5
mailer-1.6
mailer-1.7
mailer-1.8
mailer-1.9