Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Remediation

References

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

http://www.openwall.com/lists/oss-security/2020/08/12/4

Related Vulnerabilities

CVE-2016-5393 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2021-46708 Vulnerability in npm package swagger-ui-dist

CVE-2021-39157 Vulnerability in npm package detect-character-encoding

CVE-2020-11023 Vulnerability in maven package org.fujion.webjars:jquery

CVE-2022-36157 Vulnerability in maven package com.xuxueli:xxl-job

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory