Description
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/08/12/4
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975