CVE-2020-2318

Name of the Vulnerable Software and Affected Versions Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier

Description The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed by users who have Extended Read permission or direct access to the Jenkins controller file system.

Recommendations For Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier, consider restricting access to the Jenkins controller file system and limiting Extended Read permissions to minimize the risk of password exposure. As a temporary workaround, consider encrypting sensitive data manually until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.