Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/08/12/4

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Related Vulnerabilities

CVE-2021-46063 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2021-21631 Vulnerability in maven package org.jenkins-ci.plugins:cloud-stats

CVE-2020-7656 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery

CVE-2020-28490 Vulnerability in npm package async-git

CVE-2022-26850 Vulnerability in maven package org.apache.nifi:nifi-single-user-utils

Severity

High

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory