CSRF Vulnerability in Mailer Plugin for Jenkins Allows Unauthorized Mail Sending

CSRF Vulnerability in Mailer Plugin for Jenkins Allows Unauthorized Mail Sending

CVE-2018-8718 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Learn more about our User Device Pen Test.