Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send…
mitre·CWE-352·Published 2018-03-27
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Mailer 1.20 para Jenkins 2.111 permite que usuarios autenticados remotos envíen correos no autorizados como un usuario arbitrario mediante una petición /descriptorByName/hudson.tasks.Mailer/sendTestMail.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.0 | 6.8 | 6.4 | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 8.0 | 2.1 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | Secondary | GHSA | 8.0 | — | — | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |