Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1uad-jqyh-zqgq
Summary
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Jenkins Mailer Plugin prior to 1.32.1, 1.31.1, and 1.29.1 does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections.

Mailer Plugin 1.32.1, 1.31.1, and 1.29.1 validates the SMTP hostname when connecting via TLS by default. In Mailer Plugin 1.32 and earlier, administrators can set the Java system property mail.smtp.ssl.checkserveridentity to true on startup to enable this protection.

In case of problems, this protection can be disabled again by setting the Java system property mail.smtp.ssl.checkserveridentity to false on startup.
Aliases
0
alias CVE-2020-2252
1
alias GHSA-6fr3-286q-q3cr
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/mailer@1.29.1
purl pkg:maven/org.jenkins-ci.plugins/mailer@1.29.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.29.1
1
url pkg:maven/org.jenkins-ci.plugins/mailer@1.31.1
purl pkg:maven/org.jenkins-ci.plugins/mailer@1.31.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.31.1
2
url pkg:maven/org.jenkins-ci.plugins/mailer@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/mailer@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.32.1
Affected_packages
0
url pkg:maven/org.jenkins-ci.plugins/mailer@1.30
purl pkg:maven/org.jenkins-ci.plugins/mailer@1.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uad-jqyh-zqgq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.30
1
url pkg:maven/org.jenkins-ci.plugins/mailer@1.32
purl pkg:maven/org.jenkins-ci.plugins/mailer@1.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uad-jqyh-zqgq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/mailer@1.32
2
url pkg:rpm/redhat/jenkins-2-plugins@3.11.1603460090-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1603460090-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uad-jqyh-zqgq
1
vulnerability VCID-jj88-rbff-4ygb
2
vulnerability VCID-sa11-2uur-8ybd
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1603460090-1%3Farch=el7
3
url pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uad-jqyh-zqgq
1
vulnerability VCID-jj88-rbff-4ygb
2
vulnerability VCID-sa11-2uur-8ybd
3
vulnerability VCID-sprz-dww1-vufr
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2252
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10508
published_at 2026-04-24T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10495
published_at 2026-04-02T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10565
published_at 2026-04-04T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10429
published_at 2026-04-07T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10504
published_at 2026-04-08T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.1057
published_at 2026-04-09T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10599
published_at 2026-04-11T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10567
published_at 2026-04-12T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10544
published_at 2026-04-13T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.1041
published_at 2026-04-16T12:55:00Z
10
value 0.00036
scoring_system epss
scoring_elements 0.10393
published_at 2026-04-18T12:55:00Z
11
value 0.00036
scoring_system epss
scoring_elements 0.10522
published_at 2026-04-21T12:55:00Z
12
value 0.00036
scoring_system epss
scoring_elements 0.10384
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2252
2
reference_url https://github.com/CVEProject/cvelist/blob/16860a328d970faa6e4350b0fa446f64a52e52ca/2020/2xxx/CVE-2020-2252.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/CVEProject/cvelist/blob/16860a328d970faa6e4350b0fa446f64a52e52ca/2020/2xxx/CVE-2020-2252.json
3
reference_url https://github.com/jenkinsci/mailer-plugin/commit/e1893c6d105669f134ee5c5212ef9f3944d7d00d
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/mailer-plugin/commit/e1893c6d105669f134ee5c5212ef9f3944d7d00d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2252
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2252
5
reference_url https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1813
6
reference_url http://www.openwall.com/lists/oss-security/2020/09/16/3
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/09/16/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1880454
reference_id 1880454
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1880454
8
reference_url https://github.com/advisories/GHSA-6fr3-286q-q3cr
reference_id GHSA-6fr3-286q-q3cr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6fr3-286q-q3cr
9
reference_url https://access.redhat.com/errata/RHSA-2020:4297
reference_id RHSA-2020:4297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4297
10
reference_url https://access.redhat.com/errata/RHSA-2020:5102
reference_id RHSA-2020:5102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5102
Weaknesses
0
cwe_id 295
name Improper Certificate Validation
description The product does not validate, or incorrectly validates, a certificate.
1
cwe_id 297
name Improper Validation of Certificate with Host Mismatch
description The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uad-jqyh-zqgq