First published: Tue May 16 2023(Updated: )
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Email Extension | <=2.96 | |
maven/org.jenkins-ci.plugins:email-ext | <2.96.1 | 2.96.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-32980 is a cross-site request forgery (CSRF) vulnerability in the Jenkins Email Extension Plugin.
CVE-2023-32980 allows attackers to make another user stop watching an attacker-specified job.
CVE-2023-32980 has a severity level of medium.
To fix CVE-2023-32980, you should update your Jenkins Email Extension Plugin to version 2.96.1 or later.
You can find more information about CVE-2023-32980 in the Jenkins Security Advisory and the Red Hat Errata.