VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-vjar-udts-v7cg

Essentials
Severities (21)
References (7)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vjar-udts-v7cg
Aliases	CVE-2023-32979 GHSA-6gp4-2f92-j2w5
Summary	Jenkins Email Extension Plugin missing permission check Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-732	Incorrect Permission Assignment for Critical Resource
CWE-266	Incorrect Privilege Assignment

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32979.json
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2023-32979
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-6gp4-2f92-j2w5
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2023-32979
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-32979
cvssv3.1	4.3	https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)
generic_textual	MODERATE	https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)
ssvc	Track	https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32979.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-32979
		https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)
2207831		https://bugzilla.redhat.com/show_bug.cgi?id=2207831
CVE-2023-32979		https://nvd.nist.gov/vuln/detail/CVE-2023-32979
GHSA-6gp4-2f92-j2w5		https://github.com/advisories/GHSA-6gp4-2f92-j2w5
RHSA-2023:3625		https://access.redhat.com/errata/RHSA-2023:3625

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32979.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32979

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:03:36Z/ Found at https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)

Exploit Prediction Scoring System (EPSS)

Percentile	0.17731
EPSS Score	0.00057
Published At	April 13, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:51:17.339645+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/email-ext/CVE-2023-32979.yml	38.0.0