Description

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2065

Related Vulnerabilities

CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2020-16040 Vulnerability in npm package electron

CVE-2021-23371 Vulnerability in npm package chrono-node

CVE-2022-24728 Vulnerability in npm package ckeditor4

CVE-2022-36100 Vulnerability in maven package org.xwiki.platform:xwiki-platform-tag-ui

Severity

Low

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory