Description
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/08/12/4
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
Related Vulnerabilities
CVE-2020-8149 Vulnerability in npm package logkitty
CVE-2022-43423 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader
CVE-2021-35513 Vulnerability in maven package org.webjars.bower:mermaid
CVE-2020-11991 Vulnerability in maven package org.apache.cocoon:cocoon-core
CVE-2019-10318 Vulnerability in maven package org.jenkins-ci.plugins:azure-ad