CVE-2018-1000176
Last modified
CVE-2018-1000176 is a vulnerability of currently unknown severity. An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.. EPSS estimates a 0.99% chance of exploitation in the next 30 days.
Description
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Email Extension | <= 2.61 |
References
- https://jenkins.io/security/advisory/2018-04-16/Vendor Advisory
- https://jenkins.io/security/advisory/2018-04-16/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000176?
How severe is CVE-2018-1000176?
How do I fix CVE-2018-1000176?
Are you affected by CVE-2018-1000176?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST