CVE-2020-2252 (Medium) detected in mailer-1.13.jar #99

mend-for-github.aaakk.us.kg · 2020-10-08T01:11:04Z

CVE-2020-2252 - Medium Severity Vulnerability

Vulnerable Library - mailer-1.13.jar

null

Path to dependency file: influxdb-plugin/pom.xml

Path to vulnerable library: /root/.m2/repository/org/jenkins-ci/plugins/mailer/1.13/mailer-1.13.jar

Dependency Hierarchy:

performance-3.0.jar (Root Library)
- workflow-aggregator-1.13.jar
  - workflow-basic-steps-1.13.jar
    - ❌ mailer-1.13.jar (Vulnerable Library)

Vulnerability Details

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

Publish Date: 2020-09-16

CVSS 3 Score Details (4.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-07-21

Fix Resolution: org.jenkins-ci.plugins:mailer:1.32.1

mend-for-github.aaakk.us.kg bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 8, 2020