4.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-2252

GHSA ID

GHSA-6fr3-286q-q3cr

EPSS Score

0.08831%

CWE

CWE-295

Published

5/24/2022

Updated

12/14/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2252

CVE-2020-2252: Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin

Jenkins Mailer Plugin prior to 1.32.1, 1.31.1, and 1.29.1 does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.

Mailer Plugin 1.32.1, 1.31.1, and 1.29.1 validates the SMTP hostname when connecting via TLS by default. In Mailer Plugin 1.32 and earlier, administrators can set the Java system property mail.smtp.ssl.checkserveridentity to true on startup to enable this protection.

In case of problems, this protection can be disabled again by setting the Java system property mail.smtp.ssl.checkserveridentity to false on startup.

(GitHub Advisory)

4.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-2252

GHSA ID

GHSA-6fr3-286q-q3cr

EPSS Score

0.08831%

CWE

CWE-295

Published

5/24/2022

Updated

12/14/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:mailer	maven	= 1.32	1.32.1
org.jenkins-ci.plugins:mailer	maven	>= 1.30, < 1.31.1	1.31.1
org.jenkins-ci.plugins:mailer	maven	< 1.29.1	1.29.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing hostname validation during SMTP TLS handshakes. The commit e1893c6 shows the fix explicitly adds 'mail.smtp.ssl.checkserveridentity=true' property in Mailer.java's createSession method. Prior versions lacked this security check, making the session establishment function vulnerable. The function's responsibility for configuring mail session properties directly relates to the certificate validation mechanism described in the CVE.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins M*il*r Plu*in prior to *.**.*, *.**.*, *n* *.**.* *o*s not p*r*orm *ostn*m* v*li**tion w**n *onn**tin* to t** *on*i*ur** SMTP s*rv*r. T*is l**k o* v*li**tion *oul* ** **us** usin* * m*n-in-t**-mi**l* *tt**k to int*r**pt t**s* *onn**tions. M*

Reasoning

T** vuln*r**ility st*ms *rom missin* *ostn*m* v*li**tion *urin* SMTP TLS **n*s**k*s. T** *ommit ******* s*ows t** *ix *xpli*itly ***s 'm*il.smtp.ssl.****ks*rv*ri**ntity=tru*' prop*rty in `M*il*r.j*v*`'s `*r**t*S*ssion` m*t*o*. Prior v*rsions l**k** t

4.8

Basic Information

Concerned about an active attack path?

CVE-2020-2252: Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin

4.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI