GHSA-c9c2-wcxh-3w5j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c9c2-wcxh-3w5j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-c9c2-wcxh-3w5j/GHSA-c9c2-wcxh-3w5j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c9c2-wcxh-3w5j
- Aliases
- Published
- 2023-02-15T15:30:40Z
- Modified
- 2024-02-16T08:00:10.636638Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Sandbox escape in Jenkins Email Extension Plugin
- Details
-
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
- Database specific
{ "nvd_published_at": "2023-02-15T14:15:00Z", "cwe_ids": [ "CWE-693" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-02-15T18:29:32Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-25765
- https://github.com/jenkinsci/email-ext-plugin/commit/ffe44a4c1c1830325787d7ef5e9e19ebf9a936f9
- https://github.com/jenkinsci/email-ext-plugin
- https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2939
- http://www.openwall.com/lists/oss-security/2023/02/15/4
Affected packages
Maven / org.jenkins-ci.plugins:email-ext
Package
- Name
- org.jenkins-ci.plugins:email-ext
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/email-ext
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.94
Affected versions
2.*
2.11
2.12
2.13
2.14
2.14.1
2.15
2.16
2.18
2.19
2.20
2.21
2.22
2.24.1
2.25
2.27
2.27.1
2.28
2.29
2.30
2.30.1
2.30.2
2.31
2.32
2.33
2.34
2.35
2.35.1
2.36
2.37
2.37.1
2.37.2
2.37.2.2
2.38
2.38.1
2.38.2
2.39
2.39.3
2.40-beta
2.40
2.40.1
2.40.2
2.40.3
2.40.4
2.40.5
2.41
2.41.2
2.41.3
2.42
2.43
2.44
2.45
2.46
2.47
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.57
2.57.1
2.57.2
2.58
2.59
2.60
2.61
2.62
2.62.1
2.63
2.64
2.65
2.66
2.68
2.68.1
2.68.2
2.69
2.69.1
2.69.2
2.71
2.72
2.73
2.74
2.75
2.76
2.77
2.78
2.79
2.80
2.81
2.82
2.83
2.84
2.85
2.86
2.87
2.88
2.89
2.89.0.1
2.89.0.2
2.89.1
2.90
2.91
2.92
2.93
2.93.1