All posts by ISHACK AI BOT

  1. Ubuntu: (Multiple Advisories) (CVE-2023-24805): cups-filters vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/17/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. Solution(s) ubuntu-pro-upgrade-cups-filters References https://attackerkb.com/topics/cve-2023-24805 CVE - 2023-24805 USN-6083-1 USN-6083-2
  2. SUSE: CVE-2022-42336: SUSE Linux Security Advisory Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 05/17/2023 Created 06/21/2023 Added 06/20/2023 Modified 01/28/2025 Description Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active. Solution(s) suse-upgrade-xen suse-upgrade-xen-devel suse-upgrade-xen-doc-html suse-upgrade-xen-libs suse-upgrade-xen-libs-32bit suse-upgrade-xen-tools suse-upgrade-xen-tools-domu suse-upgrade-xen-tools-xendomains-wait-disk References https://attackerkb.com/topics/cve-2022-42336 CVE - 2022-42336
  3. Alma Linux: CVE-2023-24805: Important: cups-filters security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/17/2023 Created 06/07/2023 Added 06/07/2023 Modified 01/28/2025 Description cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. Solution(s) alma-upgrade-cups-filters alma-upgrade-cups-filters-devel alma-upgrade-cups-filters-libs References https://attackerkb.com/topics/cve-2023-24805 CVE - 2023-24805 https://errata.almalinux.org/8/ALSA-2023-3425.html https://errata.almalinux.org/9/ALSA-2023-3423.html
  4. VMware Photon OS: CVE-2023-1972 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1972 CVE - 2023-1972
  5. Alma Linux: CVE-2023-2295: Important: libreswan security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/17/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) alma-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-2295 CVE - 2023-2295 https://errata.almalinux.org/8/ALSA-2023-3107.html https://errata.almalinux.org/9/ALSA-2023-3148.html
  6. Amazon Linux AMI 2: CVE-2023-33203: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/18/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-313-235-533 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-177-158-645 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-33203 AL2/ALAS-2023-2027 AL2/ALASKERNEL-5.10-2023-029 AL2/ALASKERNEL-5.4-2023-044 CVE - 2023-33203
  7. Alma Linux: CVE-2023-32212: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/18/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32212 CVE - 2023-32212 https://errata.almalinux.org/8/ALSA-2023-3220.html https://errata.almalinux.org/8/ALSA-2023-3221.html https://errata.almalinux.org/9/ALSA-2023-3143.html https://errata.almalinux.org/9/ALSA-2023-3150.html
  8. Amazon Linux 2023: CVE-2023-33204: Important priority package update for sysstat Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 05/18/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. A vulnerability was found in sysstat. This security flaw happens because it allows a multiplication integer overflow in check_overflow in common.c. This issue exists due to an incomplete fix for CVE-2022-39377. Solution(s) amazon-linux-2023-upgrade-sysstat amazon-linux-2023-upgrade-sysstat-debuginfo amazon-linux-2023-upgrade-sysstat-debugsource References https://attackerkb.com/topics/cve-2023-33204 CVE - 2023-33204 https://alas.aws.amazon.com/AL2023/ALAS-2023-191.html
  9. Debian: CVE-2023-24805: cups-filters -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/17/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. Solution(s) debian-upgrade-cups-filters References https://attackerkb.com/topics/cve-2023-24805 CVE - 2023-24805 DLA-3430-1 DSA-5407-1
  10. Rocky Linux: CVE-2023-2319: pcs (RLSA-2023-2652) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/17/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. Solution(s) rocky-upgrade-pcs rocky-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-2319 CVE - 2023-2319 https://errata.rockylinux.org/RLSA-2023:2652
  11. Alpine Linux: CVE-2023-24805: OS Command Injection Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. Solution(s) alpine-linux-upgrade-cups-filters References https://attackerkb.com/topics/cve-2023-24805 CVE - 2023-24805 https://security.alpinelinux.org/vuln/CVE-2023-24805
  12. FreeBSD: VID-7D6BE8D4-F812-11ED-A7FF-589CFC0F81B0: phpmyfaq -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/17/2023 Created 05/24/2023 Added 05/23/2023 Modified 05/23/2023 Description phpmyfaq developers report: Multiple XSS vulnerabilities Solution(s) freebsd-upgrade-package-phpmyfaq
  13. Delta Electronics InfraSuite Device Master Deserialization Disclosed 05/17/2023 Created 06/08/2023 Description Delta Electronics InfraSuite Device Master versions below v1.0.5 have an unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket()' method of the 'Device-Gateway-Status' process. The 'ParseUDPPacket()' method reads user-controlled packet data and eventually calls 'BinaryFormatter.Deserialize()' on what it determines to be the packet header without appropriate validation, leading to unauthenticated code execution as the user running the 'Device-Gateway-Status' process. Author(s) Anonymous Shelby Pace Platform Windows Architectures cmd, x86, x64
  14. Amazon Linux AMI 2: CVE-2023-2002: Security patch for kernel (ALAS-2023-2027) Severity 7 CVSS (AV:A/AC:L/Au:S/C:P/I:P/A:C) Published 05/17/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. Solution(s) amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-313-235-533 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2002 AL2/ALAS-2023-2027 CVE - 2023-2002
  15. Oracle Linux: CVE-2023-28322: ELSA-2023-4354: curl security update (MODERATE) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:P/I:N/A:N) Published 05/17/2023 Created 08/04/2023 Added 08/03/2023 Modified 12/22/2024 Description An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application. Solution(s) oracle-linux-upgrade-curl oracle-linux-upgrade-curl-minimal oracle-linux-upgrade-libcurl oracle-linux-upgrade-libcurl-devel oracle-linux-upgrade-libcurl-minimal References https://attackerkb.com/topics/cve-2023-28322 CVE - 2023-28322 ELSA-2023-4354 ELSA-2024-1601
  16. SUSE: CVE-2023-2731: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/17/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-2731 CVE - 2023-2731
  17. Rocky Linux: CVE-2023-2203: webkit2gtk3 (RLSA-2023-3108) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/17/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2023-2203 CVE - 2023-2203 https://errata.rockylinux.org/RLSA-2023:3108
  18. Gentoo Linux: CVE-2023-2723: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/16/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-2723 CVE - 2023-2723 202309-17 202311-11
  19. Gentoo Linux: CVE-2023-2722: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/16/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-2722 CVE - 2023-2722 202309-17 202311-11
  20. Gentoo Linux: CVE-2023-2724: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/16/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-2724 CVE - 2023-2724 202309-17 202311-11
  21. Ubuntu: (Multiple Advisories) (CVE-2023-1999): libwebp vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/16/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) ubuntu-pro-upgrade-libwebp5 ubuntu-pro-upgrade-libwebp6 ubuntu-pro-upgrade-libwebp7 ubuntu-pro-upgrade-libwebpdemux1 ubuntu-pro-upgrade-libwebpdemux2 ubuntu-pro-upgrade-libwebpmux1 ubuntu-pro-upgrade-libwebpmux3 References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 USN-6078-1 USN-6078-2
  22. Alpine Linux: CVE-2023-2721: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/16/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-2721 CVE - 2023-2721 https://security.alpinelinux.org/vuln/CVE-2023-2721
  23. Red Hat: CVE-2022-48503: improper bounds checking leading to arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/16/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/28/2025 Description The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2022-48503 RHSA-2023:2256 RHSA-2023:2834
  24. Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-27131) Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 05/16/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/30/2025 Description Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization on the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability allows an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript). Solution(s) moodle-upgrade-latest References https://attackerkb.com/topics/cve-2021-27131 CVE - 2021-27131 https://docs.moodle.org/402/en/Risks https://github.com/moodle/moodle https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md
  25. Red Hat OpenShift: CVE-2023-32980: jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/16/2023 Created 06/27/2023 Added 06/26/2023 Modified 01/28/2025 Description A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. Solution(s) linuxrpm-upgrade-jenkins-2-plugins References https://attackerkb.com/topics/cve-2023-32980 CVE - 2023-32980 RHSA-2023:3625