Description
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)
Related Vulnerabilities
CVE-2022-34188 Vulnerability in maven package org.jenkins-ci.plugins:hidden-parameter
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-core-common
CVE-2022-4492 Vulnerability in maven package io.undertow:undertow-core
CVE-2022-45398 Vulnerability in maven package org.zeroturnaround:cluster-stats