Identifier

CVE-2020-2291

Package Slug

maven/org.jenkins-ci.plugins/couchdb-statistics

Vulnerability

Unprotected Storage of Credentials

Description

Jenkins couchdb-statistics Plugin stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Affected Versions

All versions up to 0.3

Solution

Upgrade to version 0.4 or above.

Last Modified

2020-10-12

source