Jenkins Project Jenkins Mailer Plugin vulnerabilities

CVE-2022-20613 [MEDIUM] CWE-352 CVE-2022-20613: A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

CVE-2022-20614 [MEDIUM] CWE-862 CVE-2022-20614: A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attacker A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

CVE-2020-2252 [MEDIUM] CWE-295 CVE-2020-2252: Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the c Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.