Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Mailer | <= 1.20 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2018/03/26/3 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/103691 (Third Party Advisory, VDB Entry)
- https://jenkins.io/security/advisory/2018-03-26/ (Vendor Advisory)
- https://www.exploit-db.com/exploits/44843/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2018-8718?
CVE-2018-8718 is a vulnerability with a CVSS score of 8.0 (HIGH). Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hud...
How severe is CVE-2018-8718?
CVE-2018-8718 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-8718?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Mailer.