What is CVE-2018-8718?

CVE-2018-8718 is a cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 that allows remote authenticated users to send unauthorized mail as an arbitrary user.

How does CVE-2018-8718 affect Jenkins?

CVE-2018-8718 affects Jenkins 2.111 and allows remote authenticated users to send unauthorized mail as an arbitrary user.

What is the severity of CVE-2018-8718?

CVE-2018-8718 has a severity level of high.

How can I fix CVE-2018-8718?

To fix CVE-2018-8718, update the Mailer Plugin to version 1.21 or later.

Where can I find more information about CVE-2018-8718?

You can find more information about CVE-2018-8718 in the following references: [link1](http://www.openwall.com/lists/oss-security/2018/03/26/3), [link2](http://www.securityfocus.com/bid/103691), [link3](https://jenkins.io/security/advisory/2018-03-26/).

Vulnerability/
CVE-2018-8718

high

CWE

352

27/3/2018

14/5/2022

5/8/2024

CVE-2018-8718: CSRF

First published: Tue Mar 27 2018(Updated: )

Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.plugins:mailer	<=1.20	1.21
Jenkins Mailer Jenkins	<=1.20

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-8718?
CVE-2018-8718 is a cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 that allows remote authenticated users to send unauthorized mail as an arbitrary user.
How does CVE-2018-8718 affect Jenkins?
CVE-2018-8718 affects Jenkins 2.111 and allows remote authenticated users to send unauthorized mail as an arbitrary user.
What is the severity of CVE-2018-8718?
CVE-2018-8718 has a severity level of high.
How can I fix CVE-2018-8718?
To fix CVE-2018-8718, update the Mailer Plugin to version 1.21 or later.
Where can I find more information about CVE-2018-8718?
You can find more information about CVE-2018-8718 in the following references: [link1](http://www.openwall.com/lists/oss-security/2018/03/26/3), [link2](http://www.securityfocus.com/bid/103691), [link3](https://jenkins.io/security/advisory/2018-03-26/).

collector/github-advisory-latest
alias/GHSA-6g57-h38c-q52g
alias/CVE-2018-8718
collector/github-advisory
agent/last-modified-date
agent/first-publish-date
agent/author
agent/type
agent/severity
agent/references
agent/weakness
agent/event
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
agent/tags
agent/softwarecombine
collector/mitre-cve
source/MITRE
package-manager/maven
vendor/jenkins
canonical/jenkins mailer jenkins
version/jenkins mailer jenkins/1.20

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.