Description
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/08/12/4
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
Related Vulnerabilities
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.12
CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-java
CVE-2022-32533 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed
CVE-2019-14900 Vulnerability in maven package org.hibernate:hibernate-core