Skip to main content

7PK - Security Features


Severity High
Score 9.9/10


A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/, src/main/java/hudson/plugins/emailext/plugins/content/, src/main/java/hudson/plugins/emailext/plugins/content/, src/main/java/hudson/plugins/emailext/plugins/trigger/ that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-254 - Security Features

Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.


Advisory Timeline

  • Published