ID CVE-2022-20614
Summary A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:mailer:391.ve4a_38c1b_cf4b_:-:*:*:*:*:*:*
    cpe:2.3:a:jenkins:mailer:391.ve4a_38c1b_cf4b_:-:*:*:*:*:*:*
  • cpe:2.3:a:jenkins:mailer:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.12:-:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.12:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.12:beta1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.12:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.13:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.14:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.15:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.16:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.16:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.17:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.17:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.18:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.19:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.20:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.20:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.21:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.21:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.22:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.22:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.23:-:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.23:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.23:beta1:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.23:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.23:beta2:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.23:beta2:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.24:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.24:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.25:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.25:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.26:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.26:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.27:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.27:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.28:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.28:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.29:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.29:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.30:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.30:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.31:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.31:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:mailer:1.32:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:mailer:1.32:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 17-10-2022 - 19:24)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
Last major update 17-10-2022 - 19:24
Published 12-01-2022 - 20:15
Last modified 17-10-2022 - 19:24
Back to Top