-
Bug
-
Resolution: Duplicate
-
Critical
-
None
When we use the plugin email-exit , we can give any email id in the 'from' field and it will send an email from the ID which is specified in the 'from' field.
Example pipeline:
pipeline {
agent any
stages {
stage('test') {
steps
}
}
}
Here, the mail will come from noorjahan.s@allianz.com. If I change the from mail id to somebody else, say renjith@allianz.com
then a mail from renjith@allianz.com
is received. And the mail is not visible in the sent items of the sender. So in this way, anybody can change the from mail id and send emails from others' email id by impersonating them.
- duplicates
-
JENKINS-71925 Deprecation of jobs modifying the 'from' email field
-
- Open
-
[JENKINS-72974] Bug in Email Extension plugin: we can use any email address in the 'from' field and kind of impersonate anybody.
Summary | Original: Bug in Email Extension plugin: In the pipeline syntax, we can use any email address in the 'from' field and kind of impersonate anybody. Also, the mail is not visible in the sent items too, which seems a security issue. | New: Bug in Email Extension plugin: we can use any email address in the 'from' field and kind of impersonate anybody. |
Link | New: This issue duplicates JENKINS-71925 [ JENKINS-71925 ] |
Resolution | New: Duplicate [ 3 ] | |
Status | Original: Open [ 1 ] | New: Closed [ 6 ] |