Total: 328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12333 | 1 Intel | 1 Quickassist Technology | 2020-11-30 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-27688 | 1 Robware | 1 Rvtools | 2020-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances. | |||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud | 2020-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| A logic error in Nextcloud Server 19.0.0 caused plaintext storage of the share password when it was given on the initial create API call. | |||||
| CVE-2019-3780 | 1 Cloudfoundry | 1 Container Runtime | 2020-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account. | |||||
| CVE-2019-3782 | 1 Cloudfoundry | 1 Credhub Cli | 2020-10-19 | 2.1 LOW | 7.8 HIGH |
| Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | |||||
| CVE-2018-20243 | 1 Apache | 1 Fineract | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629. | |||||
| CVE-2019-5627 | 1 Bluecats | 1 Bc Reveal | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app. | |||||
| CVE-2019-5626 | 1 Bluecats | 1 Bluecats Reveal | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | |||||
| CVE-2019-5625 | 1 Eaton | 1 Halo Home | 2020-10-16 | 3.6 LOW | 7.1 HIGH |
| The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | |||||
| CVE-2019-11271 | 1 Cloud Foundry | 1 Bosh | 2020-10-16 | 2.1 LOW | 7.8 HIGH |
| Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest. | |||||
| CVE-2020-26149 | 1 Linuxfoundation | 3 Nats.deno, Nats.js, Nats.ws | 2020-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. | |||||
| CVE-2019-6549 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2020-10-05 | 4.0 MEDIUM | 7.2 HIGH |
| An attacker could retrieve plain-text credentials stored in an XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP. | |||||
| CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10291 | 1 Jenkins | 1 Netsparker Cloud Scan | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10282 | 1 Jenkins | 1 Klaros-testmanagement | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10281 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10294 | 1 Jenkins | 1 Kmap | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10298 | 1 Jenkins | 1 Koji | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10297 | 1 Jenkins | 1 Sametime | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10296 | 1 Jenkins | 1 Serena Sra Deploy | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10295 | 1 Jenkins | 1 Crittercism-dsym | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10299 | 1 Jenkins | 1 Cloudcoreo Deploytime | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10302 | 1 Jenkins | 1 Jira-ext | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10303 | 1 Jenkins | 1 Azure Publishersettings Credentials | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10316 | 1 Jenkins | 1 Aqua Microscanner | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10318 | 1 Jenkins | 1 Azure Ad | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | |||||
| CVE-2019-10329 | 1 Eficode | 1 Influxdb | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10347 | 1 Jenkins | 1 Mashup Portlets | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10960 | 1 Zebra | 16 220xi4, 220xi4 Firmware, Zt220 and 13 more | 2020-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel. | |||||
| CVE-2019-10981 | 1 Schneider-electric | 2 Citectscada, Scada Expert Vijeo Citect | 2020-10-02 | 2.1 LOW | 7.8 HIGH |
| In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. | |||||
| CVE-2019-10313 | 1 Jenkins | 1 Twitter | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10139 | 1 Ovirt | 1 Cockpit-ovirt | 2020-09-30 | 2.1 LOW | 7.8 HIGH |
| During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the end of the deployment procedure, these files are deleted. | |||||
| CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2020-09-30 | 4.0 MEDIUM | 8.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
| CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2020-09-30 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | |||||
| CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2020-09-29 | 2.1 LOW | 7.8 HIGH |
| A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | |||||
| CVE-2018-0474 | 1 Cisco | 1 Unified Communications Manager | 2020-08-28 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. | |||||
| CVE-2019-9657 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. | |||||
| CVE-2018-1000425 | 1 Sonarsource | 1 Sonarqube Scanner | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | |||||
| CVE-2018-1000423 | 1 Atlassian | 1 Crowd2 | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | |||||
| CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | |||||
| CVE-2018-17500 | 1 Envoy | 1 Passport | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2018-18656 | 1 Purevpn | 1 Purevpn | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | |||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
