CVE-2023-32979

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-32979

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32979.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-32979

Aliases

GHSA-6gp4-2f92-j2w5

Downstream

RHSA-2023:3625

Published

2023-05-16T16:15:10.673Z

Modified

2026-04-11T12:45:16.373363Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)

Affected packages

Git / github.com/jenkinsci/email-ext-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/email-ext-plugin

Events

Introduced

Last affected

2188d677142eacb5164b6055bfe9dca6a7f3a787

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.96"
        }
    ],
    "cpe": "cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*",
    "source": "CPE_FIELD"
}

Affected versions

email-ext-2.*

email-ext-2.11

email-ext-2.12

email-ext-2.13

email-ext-2.14

email-ext-2.15

email-ext-2.16

email-ext-2.17

email-ext-2.18

email-ext-2.19

email-ext-2.20

email-ext-2.21

email-ext-2.22

email-ext-2.24

email-ext-2.24.1

email-ext-2.25

email-ext-2.27

email-ext-2.27.1

email-ext-2.29

email-ext-2.30

email-ext-2.30.1

email-ext-2.30.2

email-ext-2.31

email-ext-2.32

email-ext-2.33

email-ext-2.34

email-ext-2.35

email-ext-2.35.1

email-ext-2.37

email-ext-2.37.1

email-ext-2.37.2

email-ext-2.39

email-ext-2.40

email-ext-2.40.2

email-ext-2.41

email-ext-2.41.2

email-ext-2.42

email-ext-2.43

email-ext-2.44

email-ext-2.45

email-ext-2.46

email-ext-2.47

email-ext-2.48

email-ext-2.49

email-ext-2.50

email-ext-2.51

email-ext-2.52

email-ext-2.55

email-ext-2.56

email-ext-2.57

email-ext-2.58

email-ext-2.59

email-ext-2.60

email-ext-2.61

email-ext-2.62

email-ext-2.63

email-ext-2.64

email-ext-2.65

email-ext-2.66

email-ext-2.67

email-ext-2.68

email-ext-2.69

email-ext-2.71

email-ext-2.72

email-ext-2.73

email-ext-2.74

email-ext-2.75

email-ext-2.76

email-ext-2.77

email-ext-2.78

email-ext-2.79

email-ext-2.80

email-ext-2.81

email-ext-2.82

email-ext-2.83

email-ext-2.84

email-ext-2.85

email-ext-2.86

email-ext-2.87

email-ext-2.88

email-ext-2.89

email-ext-2.90

email-ext-2.91

email-ext-2.92

email-ext-2.93

email-ext-2.95

email-ext-2.96

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32979.json"