First published: Wed Sep 16 2020
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Email Extension | <=2.75 | |
maven/org.jenkins-ci.plugins:email-ext | <=2.75 | 2.76 |
CVE-2020-2253 is a vulnerability in Jenkins Email Extension Plugin 2.75 and earlier versions that allows man-in-the-middle attacks.
CVE-2020-2253 has a severity rating of medium.
Jenkins Email Extension Plugin versions 2.75 and earlier are affected by CVE-2020-2253.
CVE-2020-2253 can be exploited by performing a man-in-the-middle attack to intercept connections to the configured SMTP server.
Yes, the fix for CVE-2020-2253 is available in Email Extension Plugin version 2.76.
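The following added example (not code from the plugin or from this advisory) shows what the missing hostname validation decides: a client that only checks the certificate chain accepts a valid certificate issued for any host, while a client that also matches the certificate's names against the configured SMTP host rejects it. The hostnames and certificate dictionaries are constructed sample data shaped like Python's `ssl.SSLSocket.getpeercert()` output, and `chain_trusted` is a hypothetical flag standing in for CA path validation.

```python
import ipaddress

def _dns_match(pattern, host):
    """RFC 6125-style match: '*' only as the whole left-most label, never '*.tld'."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert, configured_host):
    """True only if the certificate names the host the client was told to reach."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(configured_host)
    except ValueError:  # not an IP literal, so compare against DNS names
        return any(k == "DNS" and _dns_match(v, configured_host) for k, v in sans)
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)

def client_accepts(cert, configured_host, chain_trusted, validate_hostname):
    """Accept decision of a TLS client; chain_trusted stands in for CA path validation."""
    if not chain_trusted:
        return False
    return hostname_matches(cert, configured_host) if validate_hostname else True

# Constructed sample data (not from the advisory).
CONFIGURED_SMTP = "smtp.corp.example"
GENUINE_CERT = {"subjectAltName": (("DNS", "smtp.corp.example"),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.corp.example"),)}
# A valid, CA-issued certificate that belongs to a different host.
OTHER_HOST_CERT = {"subjectAltName": (("DNS", "mail.other.example"),)}

def compare_clients():
    """Return (without_validation, with_validation) verdicts for each certificate."""
    certs = {"genuine": GENUINE_CERT, "wildcard": WILDCARD_CERT, "other_host": OTHER_HOST_CERT}
    return {
        name: (client_accepts(c, CONFIGURED_SMTP, True, False),
               client_accepts(c, CONFIGURED_SMTP, True, True))
        for name, c in certs.items()
    }

if __name__ == "__main__":
    for name, (lax, strict) in compare_clients().items():
        print(f"{name:10} no-hostname-check={lax}  hostname-check={strict}")
```

Only the `other_host` row differs between the two clients, which is the case that matters when reviewing SMTP client configuration for this class of issue.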