[JENKINS:SECURITY-774] Mailer Plugin allowed unauthorized users to send test emails

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1

A missing permission check in Mailer Plugin allowed users with Overall/Read access to Jenkins to have it connect to a user-specified mail server with user-specified credentials to send a test email to a user-specified email address.
The email subject and body could not be changed.
This could result in a denial of service, for example by specifying a valid mail server with invalid credentials.

As the same URL did not require POST, it was also vulnerable to cross-site request forgery.

The URL handling test emails now requires POST to protect from CSRF, and performs an Overall/Administer permission check.
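The fix the advisory describes, shown as an added example that is not the Mailer Plugin's own code: a hypothetical Stapler web method for the test-email action in its original form next to the hardened form. The class and method names, the `send` helper and the placeholder sender address are assumptions; it assumes Jenkins core (`Jenkins.get()`, 2.98 or later) and JavaMail on the classpath.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

// Hypothetical class: names are illustrative, not the Mailer Plugin's own.
public class TestMailEndpointExample {

    // BEFORE (the advisory's flaw): bound at .../sendTestMailUnsafe, answers GET and checks no
    // permission, so any Overall/Read user (or a CSRF page they visit) drives Jenkins's SMTP client.
    public FormValidation doSendTestMailUnsafe(@QueryParameter String smtpHost,
            @QueryParameter String username, @QueryParameter String password,
            @QueryParameter String sendTo) {
        return send(smtpHost, username, password, sendTo);
    }

    // AFTER (the 1.21 fix): @RequirePOST rejects non-POST requests (a POST carries the CSRF crumb)
    // and checkPermission throws AccessDeniedException before any SMTP connection is opened.
    @RequirePOST
    public FormValidation doSendTestMail(@QueryParameter String smtpHost,
            @QueryParameter String username, @QueryParameter String password,
            @QueryParameter String sendTo) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER); // Jenkins.getInstance() before 2.98
        return send(smtpHost, username, password, sendTo);
    }

    // Subject and body are fixed, as the advisory notes; only server, credentials and recipient vary.
    private static FormValidation send(String host, String user, String pass, String to) {
        try {
            Properties props = new Properties();
            props.put("mail.smtp.host", host);
            props.put("mail.smtp.auth", "true");
            MimeMessage msg = new MimeMessage(Session.getInstance(props));
            msg.setFrom(new InternetAddress("jenkins@example.invalid")); // placeholder sender
            msg.setRecipients(Message.RecipientType.TO, InternetAddress.parse(to));
            msg.setSubject("Jenkins test email");
            msg.setText("This is a test email sent by Jenkins.");
            Transport.send(msg, user, pass);
            return FormValidation.ok("Test email sent");
        } catch (Exception e) {
            return FormValidation.error(e, "Failed to send test email");
        }
    }
}
```

The permission check sits before the helper call on purpose: an unauthorized request must fail without Jenkins opening an outbound connection at all.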

ID: JENKINS:SECURITY-774
Severity: medium
Published: 2018-03-26T00:00:00
Modified: 2018-03-26T00:00:00
Rights: Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository mailer repository https://github.com/jenkinsci/mailer-plugin
| Type | Package URL | Namespace | Name / Product | Version |
|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/mailer | org.jenkins-ci.plugins | mailer | <= 1.20 |
| Fixed | pkg:maven/org.jenkins-ci.plugins/mailer | org.jenkins-ci.plugins | mailer | = 1.21 |
| Affected | pkg:github/jenkinsci/mailer-plugin | jenkinsci | mailer-plugin | <= 1.20 |
| Fixed | pkg:github/jenkinsci/mailer-plugin | jenkinsci | mailer-plugin | = 1.21 |