1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-2065

[JENKINS:SECURITY-2065] Password stored in plain text by `couchdb-statistics`

Severity Low
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

couchdb-statistics 0.3 and earlier stores its server password unencrypted in its global configuration file org.jenkinsci.plugins.couchstats.CouchStatsConfig.xml on the Jenkins controller as part of its configuration.

This password can be viewed by users with access to the Jenkins controller file system.

couchdb-statistics 0.4 stores its server password encrypted once its configuration is saved again.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/couchdb-statistics <= 0.3
pkg:github/jenkinsci/couchdb-statistics-plugin <= 0.3
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/couchdb-statistics = 0.4
pkg:github/jenkinsci/couchdb-statistics-plugin = 0.4
ID
JENKINS:SECURITY-2065
Severity
low
Published
2020-10-08T00:00:00
(4 years ago)
Modified
2020-10-08T00:00:00
(4 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository couchdb-statistics repository https://github.com/jenkinsci/couchdb-statistics-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/couchdb-statistics org.jenkins-ci.plugins couchdb-statistics <= 0.3
Fixed pkg:maven/org.jenkins-ci.plugins/couchdb-statistics org.jenkins-ci.plugins couchdb-statistics = 0.4
Affected pkg:github/jenkinsci/couchdb-statistics-plugin jenkinsci couchdb-statistics-plugin <= 0.3
Fixed pkg:github/jenkinsci/couchdb-statistics-plugin jenkinsci couchdb-statistics-plugin = 0.4
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date