Description

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2065

Related Vulnerabilities

CVE-2022-45396 Vulnerability in maven package com.thalesgroup.hudson.plugins:sourcemonitor

CVE-2020-28477 Vulnerability in npm package immer

CVE-2020-15126 Vulnerability in npm package parse-server

CVE-2019-14439 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-21213 Vulnerability in maven package org.webjars.npm:mout

Severity

Low

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory