Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/mailer@1.32
Type maven
Namespace org.jenkins-ci.plugins
Name mailer
Version 1.32
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.32.1
Latest_non_vulnerable_version 408.vd726a_1130320
Affected_by_vulnerabilities
0
url VCID-1uad-jqyh-zqgq
vulnerability_id VCID-1uad-jqyh-zqgq
summary
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Jenkins Mailer Plugin prior to 1.32.1, 1.31.1, and 1.29.1 does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.

Mailer Plugin 1.32.1, 1.31.1, and 1.29.1 validates the SMTP hostname when connecting via TLS by default. In Mailer Plugin 1.32 and earlier, administrators can set the Java system property mail.smtp.ssl.checkserveridentity to true on startup to enable this protection.

In case of problems, this protection can be disabled again by setting the Java system property mail.smtp.ssl.checkserveridentity to false on startup.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2252
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10508
published_at 2026-04-24T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10495
published_at 2026-04-02T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10565
published_at 2026-04-04T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10429
published_at 2026-04-07T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10504
published_at 2026-04-08T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.1057
published_at 2026-04-09T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10599
published_at 2026-04-11T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10567
published_at 2026-04-12T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10544
published_at 2026-04-13T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.1041
published_at 2026-04-16T12:55:00Z
10
value 0.00036
scoring_system epss
scoring_elements 0.10393
published_at 2026-04-18T12:55:00Z
11
value 0.00036
scoring_system epss
scoring_elements 0.10522
published_at 2026-04-21T12:55:00Z
12
value 0.00036
scoring_system epss
scoring_elements 0.10384
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2252
2
reference_url https://github.com/CVEProject/cvelist/blob/16860a328d970faa6e4350b0fa446f64a52e52ca/2020/2xxx/CVE-2020-2252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/16860a328d970faa6e4350b0fa446f64a52e52ca/2020/2xxx/CVE-2020-2252.json
3
reference_url https://github.com/jenkinsci/mailer-plugin/commit/e1893c6d105669f134ee5c5212ef9f3944d7d00d
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/mailer-plugin/commit/e1893c6d105669f134ee5c5212ef9f3944d7d00d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2252
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2252
5
reference_url https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813
6
reference_url http://www.openwall.com/lists/oss-security/2020/09/16/3
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/09/16/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1880454
reference_id 1880454
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1880454
8
reference_url https://github.com/advisories/GHSA-6fr3-286q-q3cr
reference_id GHSA-6fr3-286q-q3cr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6fr3-286q-q3cr
9
reference_url https://access.redhat.com/errata/RHSA-2020:4297
reference_id RHSA-2020:4297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4297
10
reference_url https://access.redhat.com/errata/RHSA-2020:5102
reference_id RHSA-2020:5102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5102
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/mailer@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/mailer@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.32.1
aliases CVE-2020-2252, GHSA-6fr3-286q-q3cr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uad-jqyh-zqgq
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.32