CVE-2022-20614

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
jenkinsmailer
𝑥
< 1.34.2
jenkinsmailer
391.ve4a_38c1b_cf4b_:ve4a_38c1b_cf4b_
oraclecommunications_cloud_native_core_automated_test_suite
1.9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2163
https://www.oracle.com/security-alerts/cpuapr2022.html
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2163
https://www.oracle.com/security-alerts/cpuapr2022.html