CVE-2020-2252

CWE-295 — Improper Certificate Validation CWE-29710 documents7 sources

Severity

4.8MEDIUM

EPSS

0.0%

top 89.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Mailer Plugin Jenkins Mailer

Timeline

PublishedSep 16

Latest updateMay 24

Description

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:mailer1.32 — 1.32.1+2

▶CVEListV5jenkins_project/jenkins_mailer_pluginunspecified — 1.32

▶NVDjenkins/mailer1.32

🔴Vulnerability Details

GHSA

Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin↗2022-05-24

▶

OSV

Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin↗2022-05-24

▶

CVEList

CVE-2020-2252: Jenkins Mailer Plugin 1↗2020-09-16

▶

📋Vendor Advisories

Red Hat

jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM↗2020-09-16

▶

Jenkins

Jenkins Security Advisory 2020-09-16↗2020-09-16

▶

💬Community

Bugzilla

CVE-2020-2252 jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM↗2020-09-18

▶

Bugzilla

CVE-2020-1727 keycloak: missing input validation in IDP authorization URLs↗2020-02-07

▶

Bugzilla

CVE-2020-1697 keycloak: stored XSS in client settings via application links↗2020-01-16

▶

Bugzilla

CVE-2020-1698 keycloak: Password leak by logged exception in HttpMethod class↗2020-01-13

▶