GHSA-jrjr-7rf4-3wqh

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.3

Описание

Password stored in plain text by Jenkins couchdb-statistics Plugin

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file org.jenkinsci.plugins.couchstats.CouchStatsConfig.xml on the Jenkins controller as part of its configuration.

This password can be viewed by users with access to the Jenkins controller file system.

couchdb-statistics Plugin 0.4 stores its server password encrypted once its configuration is saved again.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:couchdb-statistics

maven

Затронутые версииВерсия исправления

< 0.4

0.4

EPSS

Процентиль: 1%

0.0001

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2020-2291

Дефекты

CWE-522

Связанные уязвимости

CVE-2020-2291

CVSS3: 3.3

nvd

больше 5 лет назад

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

EPSS

Процентиль: 1%

0.0001

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2020-2291

Дефекты

CWE-522