CVE-2019-6242

Name of the Vulnerable Software and Affected Versions Kentico version 10.0.42

Description The issue allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. The vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time.

Recommendations For Kentico version 10.0.42, consider restricting access to the SMTP configuration page to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the privileges of Global Administrators to prevent them from accessing sensitive information like the cleartext SMTP Password.