Password stored in plain text by Jenkins couchdb-statistics Plugin

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file org.jenkinsci.plugins.couchstats.CouchStatsConfig.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins...

GHSA-JRJR-7RF4-3WQH Password stored in plain text by Jenkins couchdb-statistics Plugin

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file org.jenkinsci.plugins.couchstats.CouchStatsConfig.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins...

CVE-2020-2291

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2020-2291

Summary: CVE-2020-2291 affects the Jenkins couchdb-statistics Plugin (versions ≤ 0.3). The vulnerability arises because the plugin stores its server password unencrypted in the global configuration file on the Jenkins controller, specifically in org.jenkinsci.plugins.couchstats.CouchStatsConfig.x...

PT-2020-15521 · Jenkins · Couchdb-Statistics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins couchdb-statistics Plugin versions 0.3 and earlier Description: The issue concerns the storage of the server password in an unencrypted form in the global configuration file on the Jenkins controller. Specifically, the password is...