CVE-2020-2253

CWE-295Improper Certificate Validation5 documents5 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Email Extension PluginJenkins Email Extension
Timeline
PublishedSep 16
Latest updateMay 24

Description

Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_email_extension_pluginunspecified2.75

🔴Vulnerability Details

3
OSV
Missing hostname validation in Email Extension Plugin2022-05-24
GHSA
Missing hostname validation in Email Extension Plugin2022-05-24
CVEList
CVE-2020-2253: Jenkins Email Extension Plugin 22020-09-16

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-09-162020-09-16
CVE-2020-2253 (MEDIUM CVSS 4.8) | Jenkins Email Extension Plugin 2.75 | cvebase.io