Jenkins Email Extension — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Email Extension, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-25765 — CVSS 9.9 (critical): In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection…
CVE-2019-1003032 — CVSS 9.9 (critical): A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/E…
CVE-2026-48920 — CVSS 8.8 (high): Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the…
CVE-2020-2232 — CVSS 7.5 (high): Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins…
CVE-2018-1000176 — CVSS 6.5 (medium): An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plug…
CVE-2023-25763 — CVSS 5.4 (medium): Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored…
CVE-2023-25764 — CVSS 5.4 (medium): Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output…
CVE-2020-2253 — CVSS 4.8 (medium): Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2023-32979 — CVSS 4.3 (medium): Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with…
CVE-2023-32980 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an…
CVE-2017-2654 — CVSS 3.7 (low): jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a…