Jenkins Email Ext
Approved changes feed: RSS · Atom
cpe:2.3:a:[unknown]:jenkins-email-ext:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | [Unknown] (5b07108a-8f0c-5d28-ab99-c4ff62adb460) |
|---|---|
| Product | Jenkins Email Ext (e0b84d85-c37e-5445-b647-89299c4e50d9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-2654 |
vulnerable | 2026-06-03 14:37:07.921725 |
Details available
LOW (3.7)
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.
Published: 2018-08-06T22:00:00.000Z
Updated: 2024-08-05T14:02:06.940Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.