CVE-2018-1000176 β€” Sensitive Information Exposure in Jenkins Email Extension

CWE-200 β€” Sensitive Information Exposure5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 73.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Email Extension
Timeline
PublishedMay 8
Latest updateMay 14

Description

An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

πŸ”΄Vulnerability Details

3
GHSA
Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field↗2022-05-14
β–Ά
OSV
Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field↗2022-05-14
β–Ά
CVEList
CVE-2018-1000176: An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2β†—2018-05-08
β–Ά

πŸ“‹Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-04-16β†—2018-04-16
β–Ά
CVE-2018-1000176 β€” Sensitive Information Exposure | cvebase