CVE-2022-20614

Incorrect Permission Assignment for Critical Resource in maven/org.jenkins-ci.plugins/mailer

Identifiers

GHSA-558x-h7rg-997v, CVE-2022-20614

Package Slug

maven/org.jenkins-ci.plugins/mailer

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Affected Versions

All versions up to 391.ve4a38c1bcf4b

Solution

Upgrade to version 408.vd726a_1130320 or above.

Last Modified

2022-06-21

source