CVE-2023-25765

9.9 CRITICAL

📋 TL;DR

This vulnerability in Jenkins Email Extension Plugin allows attackers with folder-level email template creation permissions to bypass script security sandbox protections. It enables arbitrary code execution on the Jenkins controller JVM, affecting all Jenkins instances using vulnerable plugin versions.

💻 Affected Systems

Products:
  • Jenkins Email Extension Plugin
Versions: 2.93 and earlier
Operating Systems: All platforms running Jenkins
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the attacker to hold permission to create email templates within folders. Jenkins instances with folder-level permissions enabled are exposed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of the Jenkins controller, with the attacker gaining complete control over the Jenkins environment, potentially leading to lateral movement, data exfiltration, and deployment of persistent backdoors.

🟠 Likely Case

Privileged authenticated users exploiting the vulnerability to execute arbitrary code, potentially compromising build pipelines, stealing credentials, or disrupting CI/CD operations.

🟢 If Mitigated

Limited impact if proper access controls restrict folder-level permissions and network segmentation isolates Jenkins from critical systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with folder-level email template creation permissions. Public exploit details available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.94 or later

Vendor Advisory: https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2939

Restart Required: Yes

Instructions:

1. Update Jenkins Email Extension Plugin to version 2.94 or later via Jenkins Plugin Manager.
2. Restart the Jenkins service to apply the update.
3. Verify the plugin version in Manage Jenkins > Plugin Manager.

🔧 Temporary Workarounds

Restrict Folder Permissions

Temporarily remove or restrict the permission for users to create email templates in folders until patching is complete.

Navigate to Jenkins > Manage Jenkins > Configure Global Security > Project-based Matrix Authorization Strategy

🧯 If You Can't Patch

  • Implement strict access controls to limit folder-level permissions for email template creation
  • Segment the network to isolate the Jenkins controller from sensitive systems, and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Jenkins plugin manager for the Email Extension Plugin version. If the version is 2.93 or earlier, the system is vulnerable.

Check Version:

Check the Jenkins web UI at Manage Jenkins > Plugin Manager > Installed tab for the Email Extension Plugin version.

Verify Fix Applied:

Verify that the Email Extension Plugin version is 2.94 or later in Manage Jenkins > Plugin Manager > Installed tab.
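As an added example (not part of this advisory), the version check above can be automated against the JSON that the Jenkins plugin manager exposes at /pluginManager/api/json?depth=1. The plugin short name `email-ext` and the response shape are assumed from the Jenkins plugin manager API, and the sample responses below are constructed, not captured from a real controller.

```python
import json
import re
from typing import Optional

# Short name of the Email Extension Plugin as listed by the plugin manager
# JSON API (assumed: /pluginManager/api/json?depth=1 returns a "plugins" list).
PLUGIN_SHORT_NAME = "email-ext"
FIXED_VERSION = "2.94"  # first version carrying the SECURITY-2939 fix


def parse_version(version: str) -> tuple:
    """Split a plugin version into comparable integer components.
    Stops at the first non-numeric piece (e.g. '2.93.1-beta' -> (2, 93, 1)),
    which is enough to compare against the fixed version."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def installed_version(plugin_manager_json: str) -> Optional[str]:
    """Return the installed email-ext version, or None if not installed."""
    data = json.loads(plugin_manager_json)
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") == PLUGIN_SHORT_NAME:
            return plugin.get("version")
    return None


def is_vulnerable(plugin_manager_json: str) -> Optional[bool]:
    """True if email-ext is 2.93 or earlier, False if 2.94 or later,
    None if the plugin is not installed at all."""
    version = installed_version(plugin_manager_json)
    if version is None:
        return None
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed sample responses for offline testing.
SAMPLE_VULNERABLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "5.0.0", "active": True},
    {"shortName": "email-ext", "version": "2.93", "active": True},
]})
SAMPLE_FIXED = json.dumps({"plugins": [
    {"shortName": "email-ext", "version": "2.94", "active": True},
]})

if __name__ == "__main__":
    for label, sample in (("vulnerable", SAMPLE_VULNERABLE), ("fixed", SAMPLE_FIXED)):
        print(label, installed_version(sample), is_vulnerable(sample))
```

Fetch the JSON with an API token over HTTPS and feed it to `is_vulnerable`; a `None` result means the plugin is not installed rather than patched.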

📡 Detection & Monitoring

Log Indicators:

  • Unusual email template creation/modification in folder contexts
  • Script execution errors or sandbox bypass attempts in Jenkins logs

Network Indicators:

  • Unexpected outbound connections from Jenkins controller
  • Unusual process execution patterns

SIEM Query:

source="jenkins.log" AND ("EmailExt" OR "email-template" OR "sandbox") AND ("bypass" OR "unauthorized" OR "malicious")
