Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 23 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2025-01-23T16:04:34.885Z

Reserved: 2023-05-16T10:55:43.518Z

Link: CVE-2023-32979

cve-icon Vulnrichment

Updated: 2024-08-02T15:32:46.506Z

cve-icon NVD

Status : Modified

Published: 2023-05-16T16:15:10.673

Modified: 2025-01-23T16:15:29.793

Link: CVE-2023-32979

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-05-16T00:00:00Z

Links: CVE-2023-32979 - Bugzilla

cve-icon OpenCVE Enrichment

No data.