Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jOWMyLXdjeGgtM3c1as4AAxpZ

Sandbox escape in Jenkins Email Extension Plugin

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Permalink: https://github.com/advisories/GHSA-c9c2-wcxh-3w5j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOWMyLXdjeGgtM3c1as4AAxpZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: 4 months ago
CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Identifiers: GHSA-c9c2-wcxh-3w5j, CVE-2023-25765
References: Repository: https://github.com/jenkinsci/email-ext-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:email-ext
Affected Version Ranges: <= 2.93
Fixed in: 2.94