[JENKINS:SECURITY-2163] CSRF vulnerability and missing permission checks in `mailer`

Severity Medium

Affected Packages 2

Fixed Packages 2

CVEs 2

mailer 391.ve4a_38c1b_cf4b_ and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

mailer 408.vd726a_1130320 requires POST requests and Overall/Administer permission for the affected form validation method.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/mailer	<= 391.ve4a_38c1b_cf4b_
pkg:github/jenkinsci/mailer-plugin	<= 391.ve4a_38c1b_cf4b_

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/mailer	= 408.vd726a_1130320
pkg:github/jenkinsci/mailer-plugin	= 408.vd726a_1130320

ID

JENKINS:SECURITY-2163

Severity

medium

Published

2022-01-12T00:00:00
(2 years ago)

Modified

2022-01-12T00:00:00
(2 years ago)

Rights

Jenkins Security Team

Other Advisories

Source	# ID	Name	URL
Plugin repository		mailer repository	https://github.com/jenkinsci/mailer-plugin

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.jenkins-ci.plugins/mailer	org.jenkins-ci.plugins	mailer	<= 391.ve4a_38c1b_cf4b_
Fixed	pkg:maven/org.jenkins-ci.plugins/mailer	org.jenkins-ci.plugins	mailer	= 408.vd726a_1130320
Affected	pkg:github/jenkinsci/mailer-plugin	jenkinsci	mailer-plugin	<= 391.ve4a_38c1b_cf4b_
Fixed	pkg:github/jenkinsci/mailer-plugin	jenkinsci	mailer-plugin	= 408.vd726a_1130320

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date