Description
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/08/12/4
Scores
CVSS v3
7.5
EPSS
0.0006
EPSS Percentile
19.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (3)
jenkins/email_extension
2.72
jenkins/email_extension
2.73
org.jenkins-ci.plugins/email-ext
2.72 - 2.74Maven
Published
Aug 12, 2020
Tracked Since
Feb 18, 2026