CVE-2023-32980: A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified…

medium4.3CVSS 3.1

AVNACLPRNUIRSUCNILAN

A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
jenkins	ansible_plugin	—	—
jenkins	appspider_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	cas_plugin	—	—
jenkins	code_dx_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	email_extension	<= 2.96	—
jenkins	email_extension_plugin	—	—
jenkins	file_parameter_plugin	—	—
jenkins	hashicorp_vault_plugin	—	—
jenkins	ids_in_azure_vm_agents_plugin	—	—
jenkins	improper_masking_of_credentials_in_hashicorp_vault_plugin	—	—
jenkins	job_plugin	—	—
jenkins	ldap_plugin	—	—
jenkins	loadcomplete_support_plugin	—	—
jenkins	ns-nd_integration_performance_publisher_plugin	—	—
jenkins	pipeline_utility_steps_plugin	—	—
jenkins	reverse_proxy_auth_plugin	—	—
jenkins	sidebar_link_plugin	—	—
jenkins	tag_profiler_plugin	—	—
jenkins	testcomplete_support_plugin	—	—
jenkins	testng_report_files_and_displayed_on_the_plugin	—	—
jenkins	testng_results_plugin	—	—