GHSA-p2fr-mq9m-6w6p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p2fr-mq9m-6w6p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-p2fr-mq9m-6w6p/GHSA-p2fr-mq9m-6w6p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p2fr-mq9m-6w6p
- Aliases
- Published
- 2023-02-15T15:30:41Z
- Modified
- 2024-02-16T08:15:43.938633Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Jenkins Email Extension Plugin
- Details
-
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.
- Database specific
{ "nvd_published_at": "2023-02-15T14:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-02-15T18:53:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-25764
- https://github.com/jenkinsci/email-ext-plugin/commit/7b2bd251aa0193d009d85b713362d965dab262d0
- https://github.com/jenkinsci/email-ext-plugin
- https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2934
- http://www.openwall.com/lists/oss-security/2023/02/15/4
Affected packages
Maven / org.jenkins-ci.plugins:email-ext
Package
- Name
- org.jenkins-ci.plugins:email-ext
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/email-ext
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.94
Affected versions
2.*
2.11
2.12
2.13
2.14
2.14.1
2.15
2.16
2.18
2.19
2.20
2.21
2.22
2.24.1
2.25
2.27
2.27.1
2.28
2.29
2.30
2.30.1
2.30.2
2.31
2.32
2.33
2.34
2.35
2.35.1
2.36
2.37
2.37.1
2.37.2
2.37.2.2
2.38
2.38.1
2.38.2
2.39
2.39.3
2.40-beta
2.40
2.40.1
2.40.2
2.40.3
2.40.4
2.40.5
2.41
2.41.2
2.41.3
2.42
2.43
2.44
2.45
2.46
2.47
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.57
2.57.1
2.57.2
2.58
2.59
2.60
2.61
2.62
2.62.1
2.63
2.64
2.65
2.66
2.68
2.68.1
2.68.2
2.69
2.69.1
2.69.2
2.71
2.72
2.73
2.74
2.75
2.76
2.77
2.78
2.79
2.80
2.81
2.82
2.83
2.84
2.85
2.86
2.87
2.88
2.89
2.89.0.1
2.89.0.2
2.89.1
2.90
2.91
2.92
2.93
2.93.1