Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/08/12/4

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Related Vulnerabilities

CVE-2020-8149 Vulnerability in npm package logkitty

CVE-2022-43423 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader

CVE-2021-35513 Vulnerability in maven package org.webjars.bower:mermaid

CVE-2020-11991 Vulnerability in maven package org.apache.cocoon:cocoon-core

CVE-2019-10318 Vulnerability in maven package org.jenkins-ci.plugins:azure-ad

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory