First published: Wed Aug 12 2020
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Email Extension | =2.72 | |
Jenkins Email Extension | =2.73 | |
maven/org.jenkins-ci.plugins:email-ext | >=2.72, <2.74 | 2.74 |
CVE-2020-2232 is a vulnerability in the Jenkins Email Extension Plugin versions 2.72 and 2.73.
CVE-2020-2232 has a severity rating of 7.5 (high).
CVE-2020-2232 allows the SMTP password to be transmitted and displayed in plain text as part of the global Jenkins configuration form, potentially exposing it.
CVE-2020-2232 affects versions 2.72 and 2.73 of the Jenkins Email Extension Plugin.
To fix CVE-2020-2232, update the Jenkins Email Extension Plugin to version 2.74 or later, which includes the security fix.
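An added example, not part of the advisory or the plugin's code: a Python check that flags email-ext installs inside the affected range listed above (>=2.72, <2.74). It assumes the plugin inventory was exported as JSON from the Jenkins plugin manager API with `shortName`, `version` and `enabled` fields; the sample inventory is constructed.

```python
import json
import re

# Affected range from the advisory table: email-ext >=2.72, <2.74 (fixed in 2.74).
PLUGIN = "email-ext"
FIRST_AFFECTED = (2, 72)
FIRST_FIXED = (2, 74)


def parse_version(text):
    """Turn '2.73', '2.73.1' or '2.73-SNAPSHOT' into a tuple of ints.

    Numeric tuples avoid the string-comparison trap where '2.9' sorts after '2.72'.
    """
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable plugin version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def audit(inventory_json):
    """Return (shortName, version, enabled) for each affected email-ext entry."""
    findings = []
    # Assumption: the inventory is a JSON object with a top-level "plugins" list.
    for plugin in json.loads(inventory_json).get("plugins", []):
        if plugin.get("shortName") != PLUGIN:
            continue
        version = str(plugin.get("version", ""))
        if is_affected(version):
            findings.append((PLUGIN, version, bool(plugin.get("enabled", True))))
    return findings


# Constructed sample inventory, shaped like the plugin manager's JSON listing.
SAMPLE = json.dumps({"plugins": [
    {"shortName": "email-ext", "version": "2.73", "enabled": True},
    {"shortName": "mailer", "version": "1.32", "enabled": True},
]})

if __name__ == "__main__":
    for name, version, enabled in audit(SAMPLE):
        state = "enabled" if enabled else "disabled"
        print(f"{name} {version} ({state}) is in the affected range; upgrade to 2.74")
```

Because the password was shown in the global configuration form on affected versions, rotating the SMTP credential after upgrading is a reasonable follow-up.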