Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/08/12/4

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Related Vulnerabilities

CVE-2019-10462 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard

CVE-2020-7677 Vulnerability in maven package org.webjars.npm:thenify

CVE-2021-46708 Vulnerability in npm package swagger-ui-dist

CVE-2020-2138 Vulnerability in maven package org.jenkins-ci.plugins:cobertura

CVE-2020-11009 Vulnerability in maven package org.rundeck:rundeck

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory