Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- Jenkins Project / Jenkins Email Extension Plugin2.96.1 – *
- Jenkins Project / Jenkins Email Extension Plugin2.89.0.2 – 2.89.0.*