Description
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/08/12/4
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975