Lucene search

PRIOn knowledge basePRION:CVE-2023-32979

HistoryMay 16, 2023 - 4:15 p.m.

Design/Logic Flaw

2023-05-1616:15:00

PRIOn knowledge base

www.prio-n.com

jenkins

email extension

plugin

logic

flaw

permission

check

form validation

attackers

overall

read

directory

jenkins home directory

controller file system

nvd

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

CPENameOperatorVersion
email_extensionle2.96

CPE	Name	Operator	Version
	email_extension	le	2.96

References

www.jenkins.io/security/advisory/2023-05-16/