[JENKINS:SECURITY-1125] CSRF vulnerability in Email Extension Template Plugin

Severity: Medium
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

Some URLs implementing form submission handling in Email Extension Template Plugin did not require POST requests, resulting in a CSRF vulnerability that allowed attackers to create or remove templates.

These URLs now require POST requests.

ID: JENKINS:SECURITY-1125
Severity: medium
Published: 2018-09-25T00:00:00
Modified: 2018-09-25T00:00:00
Rights: Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository emailext-template repository https://github.com/jenkinsci/emailext-template-plugin
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:maven/org.jenkins-ci.plugins/emailext-template | org.jenkins-ci.plugins | emailext-template | <= 1.0 | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/emailext-template | org.jenkins-ci.plugins | emailext-template | = 1.1 | | |
Affected | pkg:github/jenkinsci/emailext-template-plugin | jenkinsci | emailext-template-plugin | <= 1.0 | | |
Fixed | pkg:github/jenkinsci/emailext-template-plugin | jenkinsci | emailext-template-plugin | = 1.1 | | |