Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/email-ext@2.57.1

Type maven

Namespace org.jenkins-ci.plugins

Name email-ext

Version 2.57.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.62

Latest_non_vulnerable_version 2.96.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-sgm8-zu16-yqh3

vulnerability_id VCID-sgm8-zu16-yqh3

summary

Exposure of Sensitive Information to an Unauthorized Actor
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2654.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2654.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2654

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08761
published_at	2026-06-06T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08693
published_at	2026-06-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08741
published_at	2026-06-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08745
published_at	2026-06-05T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08708
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2654

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2654

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2654

reference_url	https://github.com/jenkinsci/email-ext-plugin/commit/af2cc9bf649781c3c84c6891298db0d8601b193d
reference_id
reference_type
scores
url	https://github.com/jenkinsci/email-ext-plugin/commit/af2cc9bf649781c3c84c6891298db0d8601b193d

reference_url

https://jenkins.io/security/advisory/2017-03-20

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2017-03-20

reference_url	https://jenkins.io/security/advisory/2017-03-20/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-03-20/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1613050
reference_id	1613050
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1613050

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2654

reference_id

CVE-2017-2654

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2654

reference_url

https://github.com/advisories/GHSA-c8qr-vfjf-62q3

reference_id

GHSA-c8qr-vfjf-62q3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c8qr-vfjf-62q3

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/email-ext@2.57.1
purl	pkg:maven/org.jenkins-ci.plugins/email-ext@2.57.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/email-ext@2.57.1

aliases CVE-2017-2654, GHSA-c8qr-vfjf-62q3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgm8-zu16-yqh3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/email-ext@2.57.1

Package Instance