In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/02/15/4 | Mailing List Third Party Advisory |
https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2939 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2023-02-15T00:00:00
Updated: 2023-10-24T12:48:58.427Z
Reserved: 2023-02-14T00:00:00
Link: CVE-2023-25765
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-15T14:15:13.700
Modified: 2023-11-03T02:00:58.373
Link: CVE-2023-25765
JSON object: View
Redhat Information
No data.
CWE