CVE-2022-20614
- Source
- https://cve.org/CVERecord?id=CVE-2022-20614
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-20614.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-20614
- Aliases
- Published
- 2022-01-12T20:15:08.763Z
- Modified
- 2026-03-14T11:25:41.078221Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
- References
Affected packages
Git / github.com/jenkinsci/mailer-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/mailer-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.34.2" }, { "introduced": "0" }, { "last_affected": "391.ve4a_38c1b_cf4b_-NA" } ] }
Affected versions
391.*
391.ve4a_38c1b_cf4b_
mailer-1.*
mailer-1.0
mailer-1.1
mailer-1.10
mailer-1.11
mailer-1.12
mailer-1.12-beta-1
mailer-1.13
mailer-1.14
mailer-1.15
mailer-1.16
mailer-1.17
mailer-1.18
mailer-1.19
mailer-1.2
mailer-1.20
mailer-1.21
mailer-1.22
mailer-1.23
mailer-1.23-beta-1
mailer-1.23-beta-2
mailer-1.24
mailer-1.25
mailer-1.26
mailer-1.27
mailer-1.28
mailer-1.29
mailer-1.3
mailer-1.30
mailer-1.31
mailer-1.32
mailer-1.32.1
mailer-1.33
mailer-1.34
mailer-1.4
mailer-1.5
mailer-1.6
mailer-1.7
mailer-1.8
mailer-1.9