CVE-2018-1000176 – org.jenkins-ci.plugins:email-ext

Package

Manager: maven
Name: org.jenkins-ci.plugins:email-ext
Vulnerable Version: >=0 <2.62

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00099 pctl0.28225

Details

Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.

Metadata

Created: 2022-05-14T03:18:39Z
Modified: 2024-01-30T22:35:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gwxm-wqpq-w539/GHSA-gwxm-wqpq-w539.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-gwxm-wqpq-w539
Finding: F017
Auto approve: 1