N/A

jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.

N/A

信息暴露

CloudBees Jenkins Mailer插件信息泄露漏洞

CloudBees Jenkins是美国CloudBees公司的一套基于Java开发的持续集成工具，它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。Mailer是其中的一个配置构建电子邮件通知的插件。 CloudBees Jenkins Mailer插件1.20之前版本中存在信息泄露漏洞。远程攻击者可利用该漏洞获取发送给其他用户的邮件。

N/A

N/A