CVE-2020-2232

Published: Aug 12, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Affected (2)

Products: Jenkins: Email Extension

Jenkins

1 product

Email Extension

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Email Extension	Version 2.72
Jenkins Email Extension	Version 2.73

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

http://www.openwall.com/lists/oss-security/2020/08/12/4

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2020/08/12/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.