VulnerableCode Package Details - pkg:rpm/redhat/jenkins-2-plugins@4.10.1685679861-1?arch=el8

Search for packages

Vulnerability	Summary	Fixed by
VCID-bv8m-gtj8-d3eq Aliases: CVE-2023-32980 GHSA-2f89-66v2-9p53	Cross-Site Request Forgery (CSRF) A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.	There are no reported fixed by versions.
VCID-v9jp-s75d-zffs Aliases: CVE-2023-32977 GHSA-2wvv-phhw-qvmc	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.	There are no reported fixed by versions.
VCID-vjar-udts-v7cg Aliases: CVE-2023-32979 GHSA-6gp4-2f92-j2w5	Jenkins Email Extension Plugin missing permission check Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.	There are no reported fixed by versions.
VCID-yph7-zq7p-j3hz Aliases: CVE-2023-32981 GHSA-6987-xccv-fhjp	Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-bv8m-gtj8-d3eq
Aliases:
CVE-2023-32980
GHSA-2f89-66v2-9p53

Cross-Site Request Forgery (CSRF) A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.

There are no reported fixed by versions.

VCID-v9jp-s75d-zffs
Aliases:
CVE-2023-32977
GHSA-2wvv-phhw-qvmc

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.

There are no reported fixed by versions.

VCID-vjar-udts-v7cg
Aliases:
CVE-2023-32979
GHSA-6gp4-2f92-j2w5

Jenkins Email Extension Plugin missing permission check Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.

There are no reported fixed by versions.

VCID-yph7-zq7p-j3hz
Aliases:
CVE-2023-32981
GHSA-6987-xccv-fhjp

Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:53:54.686814+00:00	RedHat Importer	Affected by	VCID-yph7-zq7p-j3hz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json	38.0.0
2026-04-01T13:53:54.626346+00:00	RedHat Importer	Affected by	VCID-bv8m-gtj8-d3eq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32980.json	38.0.0
2026-04-01T13:53:54.599866+00:00	RedHat Importer	Affected by	VCID-vjar-udts-v7cg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32979.json	38.0.0
2026-04-01T13:53:54.573390+00:00	RedHat Importer	Affected by	VCID-v9jp-s75d-zffs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json	38.0.0