CVE-2022-20613

Cross-Site Request Forgery (CSRF) in maven/org.jenkins-ci.plugins/mailer

Identifiers

GHSA-85rq-hp8x-ghjq, CVE-2022-20613

Package Slug

maven/org.jenkins-ci.plugins/mailer

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a38c1bcf4b_ and earlier allows attackers to make the Jenkins instance resolve an attacker-specified hostname through the DNS it uses.

Affected Versions

All versions up to 391.ve4a38c1bcf4b

Solution

Upgrade to version 408.vd726a_1130320 or above.

Last Modified

2022-06-21
