Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/08/12/4

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Related Vulnerabilities

CVE-2020-2133 Vulnerability in maven package com.applatix.jenkins:applatix

CVE-2014-0072 Vulnerability in npm package cordova-plugin-file-transfer

CVE-2021-23424 Vulnerability in npm package ansi-html

CVE-2021-21479 Vulnerability in maven package com.sap.scimono:scimono-server

CVE-2023-35142 Vulnerability in maven package com.checkmarx.jenkins:checkmarx

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory