<p>Upgrade <code>org.jenkins-ci.plugins:email-ext</code> to version 2.57.1 or higher.</p>

Information Exposure Affecting org.jenkins-ci.plugins:email-ext package, versions [,2.57.1)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.09% (38^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-32468
published 7 Aug 2018
disclosed 20 Mar 2017
credit Caleb Tennis

Report a new vulnerability Found a mistake?

Introduced: 20 Mar 2017

CVE-2017-2654 Open this link in a new tab CWE-200 Open this link in a new tab

How to fix?

Upgrade org.jenkins-ci.plugins:email-ext to version 2.57.1 or higher.

Overview

org.jenkins-ci.plugins:email-ext allows you to configure every aspect of email notifications.

Affected versions of this package are vulnerable to Information Exposure. It could send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could result in emails being sent to people who have no user account in Jenkins.