CVE-2020-2232

Опубликовано: 12 авг. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Ссылки

http://www.openwall.com/lists/oss-security/2020/08/12/4
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/08/12/4
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jenkins:email_extension:2.72:*:*:*:*:jenkins:*:*

cpe:2.3:a:jenkins:email_extension:2.73:*:*:*:*:jenkins:*:*

EPSS

Процентиль: 14%

0.00047

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-5c4v-vh95-c67c

CVSS3: 3.7

github

больше 3 лет назад

Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text