org.jenkins-ci.plugins:email-ext (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins:email-ext, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2019-1003032 — CVSS 9.9 (critical): A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/E…
CVE-2023-25765 — CVSS 9.9 (critical): In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection…
CVE-2018-1000417 — CVSS 8.1 (high): A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.j…
CVE-2020-2232 — CVSS 7.5 (high): Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins…
CVE-2018-1000176 — CVSS 6.5 (medium): An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plug…
CVE-2023-25763 — CVSS 5.4 (medium): Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored…
CVE-2023-25764 — CVSS 5.4 (medium): Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output…
CVE-2020-2253 — CVSS 4.8 (medium): Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2023-32980 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an…
CVE-2023-32979 — CVSS 4.3 (medium): Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with…
CVE-2017-2654 — CVSS 3.7 (low): jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a…