CVE-2018-8718
published 2018-03-27


Priority: P3 49
CVSS 3.0: 8 (high)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.77% (93.2th percentile)

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | ansible_plugin | | |
| jenkins | builds_started_before_the_plugin | | |
| jenkins | copy_to_slave_plugin | | |
| jenkins | cucumber_living_documentation_plugin | | |
| jenkins | github_pull_request_builder_plugin | | |
| jenkins | liquibase_runner_plugin | | |
| jenkins | mailer | <= 1.20 | |
| jenkins | mailer_plugin | | |
| jenkins | p4_plugin | | |
| jenkins | perforce_plugin | | |
| jenkins | reverse_proxy_auth_plugin | | |
| jenkins | we_recommend_that_users_of_perforce_plugin | | |

CVSS provenance

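| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.0 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| vendor_redhat | | 8.0 | HIGH | |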