CVE-2022-20613

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Published: Jan 12, 2022
Updated: May 9, 2024
CVE: CVE-2022-20613
GHSA: GHSA-85rq-hp8x-ghjq
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
jenkins / mailer	391.ve4a_38c1b_cf4b_	391.ve4a_38c1b_cf4b_.x
jenkins / mailer	-	1.34.2
oracle / communications_cloud_native_core_automated_test_suite	1.9.0	1.9.0.x
org.jenkins-ci.plugins / mailer	-	408.vd726a_1130320

http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2163
https://www.oracle.com/security-alerts/cpuapr2022.html

Vulnerability Database

289,697

CVE-2022-20613