CVE-2023-32979

Jenkins Email Extension Plugin missing permission check in maven/org.jenkins-ci.plugins/email-ext

Identifiers

GHSA-6gp4-2f92-j2w5, CVE-2023-32979

Package Slug

maven/org.jenkins-ci.plugins/email-ext

Vulnerability

Jenkins Email Extension Plugin missing permission check

Description

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

Affected Versions

All versions before 2.96.1

Solution

Upgrade to version 2.96.1 or above.
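
An added example, not part of the advisory or the plugin's code: a Python check that reads the manifest of an installed plugin archive and reports whether it is an email-ext release before 2.96.1. It assumes the standard Jenkins plugin manifest attributes `Short-Name` and `Plugin-Version`; the function names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (2, 96, 1)  # first fixed email-ext release according to the advisory

def manifest_attrs(jpi_bytes):
    """Parse META-INF/MANIFEST.MF of a .jpi/.hpi archive into a dict."""
    with zipfile.ZipFile(io.BytesIO(jpi_bytes)) as zf:
        text = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    # JAR manifests wrap long values; a continuation line starts with one space.
    text = re.sub(r"\r?\n ", "", text)
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            attrs[key] = value
    return attrs

def is_affected(jpi_bytes):
    """True/False for email-ext archives, None for any other plugin."""
    attrs = manifest_attrs(jpi_bytes)
    if attrs.get("Short-Name") != "email-ext":
        return None
    version = attrs["Plugin-Version"]
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    numeric = tuple(int(p) for p in m.group().split("."))
    suffix = version[m.end():]
    # Assumption: a suffixed build of the fixed version (e.g. -SNAPSHOT) may
    # predate the release, so it is reported as affected to stay conservative.
    return numeric < FIXED or (numeric == FIXED and bool(suffix))

def sample_jpi(manifest_body):
    """Build a constructed in-memory plugin archive (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n" + manifest_body)
    return buf.getvalue()

if __name__ == "__main__":
    for ver in ("2.96", "2.96.1", "1814.vabc123"):  # constructed versions
        jpi = sample_jpi(f"Short-Name: email-ext\r\nPlugin-Version: {ver}\r\n")
        print(ver, "affected" if is_affected(jpi) else "not affected")
```

On a controller, the same functions can be fed the bytes of the email-ext archive from the `plugins/` directory under the Jenkins home directory.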

Last Modified

2023-05-17
