cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-32980,https://securityvulnerability.io/vulnerability/CVE-2023-32980,Cross-Site Request Forgery Vulnerability in Jenkins Email Extension Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Email Extension Plugin. This flaw allows an attacker to exploit the trust that the Jenkins server has in the users operating on it. By tricking a logged-in user into submitting a request, an attacker can potentially manipulate their job watching preferences without their consent. This can disrupt the management of job notifications and result in unwanted changes to user settings.",Jenkins,Jenkins Email Extension Plugin,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2023-32979,https://securityvulnerability.io/vulnerability/CVE-2023-32979,Jenkins Email Extension Plugin Vulnerability Allows Unauthorized File Access,"The Jenkins Email Extension Plugin has a vulnerability that allows attackers with Overall/Read permission to bypass permission checks during form validation. This weakness enables these attackers to locate files within the email-templates/ directory of the Jenkins home directory, potentially exposing sensitive information in the controller's file system.",Jenkins,Jenkins Email Extension Plugin,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-05-16T16:15:00.000Z,0
CVE-2023-25765,https://securityvulnerability.io/vulnerability/CVE-2023-25765,Code Execution Flaw in Jenkins Email Extension Plugin,"The Jenkins Email Extension Plugin prior to version 2.94 contains a vulnerability where templates created within a folder bypass Script Security controls. This allows malicious users who have access to define email templates to execute arbitrary code within the Jenkins server's JVM environment. This loophole poses significant security risks, enabling potential attackers to manipulate system operations or gain unauthorized access.",Jenkins,Jenkins Email Extension Plugin,9.9,CRITICAL,0.001120000029914081,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2023-25763,https://securityvulnerability.io/vulnerability/CVE-2023-25763,Stored Cross-Site Scripting Vulnerability in Jenkins Email Extension Plugin,"The Jenkins Email Extension Plugin versions 2.93 and earlier are susceptible to a stored cross-site scripting (XSS) vulnerability. This arises from the lack of proper escaping for various fields included in the email templates that are bundled with the plugin. Attackers who can manipulate these fields could exploit the vulnerability, executing arbitrary scripts in the context of the affected user's session.",Jenkins,Jenkins Email Extension Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2023-25764,https://securityvulnerability.io/vulnerability/CVE-2023-25764,Stored Cross-Site Scripting Vulnerability in Jenkins Email Extension Plugin,"The Jenkins Email Extension Plugin, up to version 2.93, suffers from a stored cross-site scripting vulnerability due to inadequate escaping and sanitization of output generated from email templates. Attackers can exploit this flaw by creating or modifying custom email templates, which may allow them to inject malicious scripts. These scripts could potentially execute in the context of any user viewing the rendered email or logs, posing significant security risks. It's essential for users of this plugin to ensure they are using patched versions to mitigate this vulnerability.",Jenkins,Jenkins Email Extension Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-15T00:00:00.000Z,0
CVE-2020-2253,https://securityvulnerability.io/vulnerability/CVE-2020-2253,,Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.,Jenkins,Jenkins Email Extension Plugin,4.8,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2020-09-16T13:20:39.000Z,0
CVE-2020-2232,https://securityvulnerability.io/vulnerability/CVE-2020-2232,,"Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.",Jenkins,Jenkins Email Extension Plugin,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2020-08-12T13:25:22.000Z,0
CVE-2019-1003032,https://securityvulnerability.io/vulnerability/CVE-2019-1003032,,"A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.",Jenkins,Jenkins Email Extension Plugin,9.9,CRITICAL,0.001829999964684248,false,,false,false,false,,,false,false,,2019-03-08T21:00:00.000Z,0