CVE-2020-2291 Vulnerability in maven package org.jenkins-ci.plugins:couchdb-statistics

Description

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/10/08/5

https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2065

Related Vulnerabilities

CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2022-38179 Vulnerability in maven package io.ktor:ktor-utils

CVE-2021-35513 Vulnerability in npm package mermaid

CVE-2021-40865 Vulnerability in maven package org.apache.storm:storm-server

CVE-2022-0508 Vulnerability in npm package @peertube/embed-api

Severity

Low

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N