Description
Jenkins Email Extension Plugin versions 2.72 and 2.73 transmit and display the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Remediation
References
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
http://www.openwall.com/lists/oss-security/2020/08/12/4
Related Vulnerabilities
CVE-2019-1003019 Vulnerability in maven package org.jenkins-ci.plugins:github-oauth
CVE-2021-41117 Vulnerability in npm package keypair
CVE-2023-29015 Vulnerability in maven package io.goobi.viewer:viewer-core
CVE-2020-7652 Vulnerability in npm package snyk-broker
CVE-2018-1000111 Vulnerability in maven package org.jenkins-ci.plugins:subversion