{"id":"CVE-2023-32979","details":"Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.","aliases":["GHSA-6gp4-2f92-j2w5"],"modified":"2026-04-09T09:36:39.586264Z","published":"2023-05-16T16:15:10.673Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3088%20(1)"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/email-ext-plugin","events":[{"introduced":"0"},{"last_affected":"2188d677142eacb5164b6055bfe9dca6a7f3a787"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.96"}]}}],"versions":["email-ext-2.11","email-ext-2.12","email-ext-2.13","email-ext-2.14","email-ext-2.15","email-ext-2.16","email-ext-2.17","email-ext-2.18","email-ext-2.19","email-ext-2.20","email-ext-2.21","email-ext-2.22","email-ext-2.24","email-ext-2.24.1","email-ext-2.25","email-ext-2.27","email-ext-2.27.1","email-ext-2.29","email-ext-2.30","email-ext-2.30.1","email-ext-2.30.2","email-ext-2.31","email-ext-2.32","email-ext-2.33","email-ext-2.34","email-ext-2.35","email-ext-2.35.1","email-ext-2.37","email-ext-2.37.1","email-ext-2.37.2","email-ext-2.39","email-ext-2.40","email-ext-2.40.2","email-ext-2.41","email-ext-2.41.2","email-ext-2.42","email-ext-2.43","email-ext-2.44","email-ext-2.45","email-ext-2.46","email-ext-2.47","email-ext-2.48","email-ext-2.49","email-ext-2.50","email-ext-2.51","email-ext-2.52","email-ext-2.55","email-ext-2.56","email-ext-2.57","email-ext-2.58","email-ext-2.59","email-ext-2.60","email-ext-2.61","email-ext-2.62","email-ext-2.63","email-ext-2.64","email-ext-2.65","email-ext-2.66","email-ext-2.67","email-ext-2.68","email-ext-2.69","email-ext-2.71","email-ext-2.72","email-ext-2.73","email-ext-2.74","email-ext-2.75","email-ext-2.76","email-ext-2.77","email-ext-2.78","email-ext-2.79","email-ext-2.80","email-ext-2.81","email-ext-2.82","email-ext-2.83","email-ext-2.84","email-ext-2.85","email-ext-2.86","email-ext-2.87","email-ext-2.88","email-ext-2.89","email-ext-2.90","email-ext-2.91","email-ext-2.92","email-ext-2.93","email-ext-2.95","email-ext-2.96"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32979.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}