Description
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Remediation
References
https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2065
http://www.openwall.com/lists/oss-security/2020/10/08/5