Bug 1561287 (CVE-2018-8718) - CVE-2018-8718 jenkins-plugin-mailer: Missing permissions check in Mailer.java:doSendTestMail() allows unauthorised users to send mail
Summary: CVE-2018-8718 jenkins-plugin-mailer: Missing permissions check in Mailer.java...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-8718
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1561288 1565297
Blocks: 1561289
TreeView+ depends on / blocked
 
Reported: 2018-03-28 03:47 UTC by Sam Fowler
Modified: 2021-10-21 19:59 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 19:59:21 UTC
Embargoed:

Attachments (Terms of Use)

Description Sam Fowler 2018-03-28 03:47:02 UTC 
The Jenkins Mailer Plugin through version 1.20 is missing a permissions check in the Mailer.java:doSendTestMail() function. Users with Overall/Read access are able to connect to a user-specified mail server with user-specified credentials to send a test email to a user-specified email address. The email subject and body could not be changed. This could result in DoS if, for example, specifying a valid mail server but invalid credentials.

As the same URL did not require POST to be used, it also was vulnerable to cross-site request forgery.


Upstream Advisory:

https://jenkins.io/security/advisory/2018-03-26/


Upstream Patch:

https://github.com/jenkinsci/mailer-plugin/commit/98e79cf904769907f83894e29f50ed6b3e7eb135
Comment 1 Sam Fowler 2018-03-28 03:47:37 UTC 
Created jenkins-mailer-plugin tracking bugs for this issue:

Affects: fedora-all [bug 1561288]
Note You need to log in before you can comment on or make changes to this bug.