cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20614,https://securityvulnerability.io/vulnerability/CVE-2022-20614,Jenkins Mailer Plugin Vulnerability Exposure via Insufficient Permission Checks,"In the Jenkins Mailer Plugin, a missing permission check allows users with Overall/Read permissions to exploit the DNS functionalities of the Jenkins instance. This could lead to unauthorized hostname resolutions, potentially allowing attackers to manipulate DNS settings by specifying remote hostnames, posing significant risks to the integrity of Jenkins deployments.",Jenkins,Jenkins Mailer Plugin,4.3,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-01-12T00:00:00.000Z,0
CVE-2022-20613,https://securityvulnerability.io/vulnerability/CVE-2022-20613,Cross-Site Request Forgery in Jenkins Mailer Plugin by Jenkins,"A cross-site request forgery vulnerability in the Jenkins Mailer Plugin allows malicious actors to manipulate DNS resolution utilized by the Jenkins instance. By exploiting this loophole, attackers can send unauthorized requests, potentially targeting sensitive endpoints within the Jenkins environment. This vulnerability affects versions of the Mailer Plugin prior to 391.ve4a_38c1b_cf4b_ and highlights the necessity for implementing secure coding practices to mitigate CSRF risks.",Jenkins,Jenkins Mailer Plugin,4.3,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2022-01-12T00:00:00.000Z,0
CVE-2020-2252,https://securityvulnerability.io/vulnerability/CVE-2020-2252,,Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.,Jenkins,Jenkins Mailer Plugin,4.8,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2020-09-16T13:20:38.000Z,0
CVE-2017-2651,https://securityvulnerability.io/vulnerability/CVE-2017-2651,,"jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.",Jenkins,Jenkins-mailer-plugin,3.7,LOW,0.0013000000035390258,false,,false,false,false,,,false,false,,2018-07-27T18:00:00.000Z,0