Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/08/12/4

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Related Vulnerabilities

CVE-2020-11022 Vulnerability in maven package org.webjars:jquery

CVE-2020-26217 Vulnerability in maven package xstream:xstream

CVE-2018-20843 Vulnerability in npm package dbus

CVE-2022-36916 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup

CVE-2021-25738 Vulnerability in maven package io.kubernetes:client-java-parent

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory