CVE-2020-2232

CWE-319Cleartext Transmission5 documents5 sources
Severity
7.5HIGH
EPSS
0.1%
top 80.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Email Extension PluginJenkins Email Extension
Timeline
PublishedAug 12
Latest updateMay 24

Description

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_email_extension_plugin2.72unspecified+1
NVDjenkins/email_extension2.72, 2.73+1

🔴Vulnerability Details

3
OSV
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text2022-05-24
GHSA
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text2022-05-24
CVEList
CVE-2020-2232: Jenkins Email Extension Plugin 22020-08-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-08-122020-08-12
CVE-2020-2232 (HIGH CVSS 7.5) | Jenkins Email Extension Plugin 2.72 | cvebase.io