cvedb.io
CVE-2023-25765
CRITICAL · CVSS 9.9
EPSS exploitation probability: 0%
Published 2023-02-15T14:15:13.700 · Last modified 2026-06-17T05:41:56.373

Summary

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

Affected products

jenkins — email_extension

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.