1. Home
  2. Vulnerabilities
  3. CVE-2018-8718

CVE-2018-8718

CVSS v3.0 8 (High)
80% Progress
CVSS v2.0 6 (Medium)
60% Progress
EPSS 0.76 % (81th)
0.76% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Weaknesses
CWE-352
Cross-Site Request Forgery (CSRF)
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-03-27 16:29:00
(6 years ago)
Updated Date
2019-03-04 19:55:37
(5 years ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Mailer for Jenkins 1.20 and prior versions cpe:2.3:a:jenkins:mailer::*:*:*:*:jenkins <= 1.20