GHSA-gwxm-wqpq-w539
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gwxm-wqpq-w539
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gwxm-wqpq-w539/GHSA-gwxm-wqpq-w539.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gwxm-wqpq-w539
- Aliases
- Published
- 2022-05-14T03:18:39Z
- Modified
- 2024-02-18T05:39:07.865194Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field
- Details
-
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.
- Database specific
{ "nvd_published_at": "2018-05-08T15:29:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-30T22:35:37Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:email-ext
Package
- Name
- org.jenkins-ci.plugins:email-ext
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/email-ext
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.62
Affected versions
2.*
2.11
2.12
2.13
2.14
2.14.1
2.15
2.16
2.18
2.19
2.20
2.21
2.22
2.24.1
2.25
2.27
2.27.1
2.28
2.29
2.30
2.30.1
2.30.2
2.31
2.32
2.33
2.34
2.35
2.35.1
2.36
2.37
2.37.1
2.37.2
2.37.2.2
2.38
2.38.1
2.38.2
2.39
2.39.3
2.40-beta
2.40
2.40.1
2.40.2
2.40.3
2.40.4
2.40.5
2.41
2.41.2
2.41.3
2.42
2.43
2.44
2.45
2.46
2.47
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.57
2.57.1
2.57.2
2.58
2.59
2.60
2.61