Description
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/08/12/4
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
Related Vulnerabilities
CVE-2020-11022 Vulnerability in maven package org.webjars:jquery
CVE-2020-26217 Vulnerability in maven package xstream:xstream
CVE-2018-20843 Vulnerability in npm package dbus
CVE-2022-36916 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup
CVE-2021-25738 Vulnerability in maven package io.kubernetes:client-java-parent