Description
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2065
http://www.openwall.com/lists/oss-security/2020/10/08/5
Related Vulnerabilities
CVE-2018-6874 Vulnerability in maven package org.webjars.npm:auth0-js
CVE-2023-24445 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2022-25940 Vulnerability in npm package lite-server
CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2023-30548 Vulnerability in npm package gatsby-plugin-sharp