jenkins-2.516
Chainguard
7.5
CVSS V3
Status
Impact
The vulnerable org.eclipse.angus:smtp dependency is embedded within the jakarta-mail-api Jenkins plugin. A fix is pending upstream merge in https://github.com/jenkinsci/jakarta-mail-api-plugin/pull/117 which updates angus-mail to version 2.0.4. Once merged and released, Jenkins will need to update to the newer jakarta-mail-api plugin version to resolve this CVE.
Status