Search
Total
811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10347 | 1 Jenkins | 1 Mashup Portlets | 2020-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10345 | 1 Jenkins | 1 Configuration As Code | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||||
| CVE-2019-10361 | 1 Jenkins | 1 M2release | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10960 | 1 Zebra | 16 220xi4, 220xi4 Firmware, Zt220 and 13 more | 2020-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel. | |||||
| CVE-2019-10379 | 1 Google | 1 Cloud Messaging Notification | 2020-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10981 | 1 Schneider-electric | 2 Citectscada, Scada Expert Vijeo Citect | 2020-10-02 | 2.1 LOW | 7.8 HIGH |
| In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. | |||||
| CVE-2019-10313 | 1 Jenkins | 1 Twitter | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10366 | 1 Jenkins | 1 Skytap Cloud Ci | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10385 | 1 Jenkins | 1 Eggplant | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10378 | 1 Jenkins | 1 Testlink | 2020-10-01 | 2.1 LOW | 5.3 MEDIUM |
| Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-7945 | 1 Puppet | 1 Continuous Delivery | 2020-09-30 | 2.1 LOW | 5.5 MEDIUM |
| Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. | |||||
| CVE-2019-10139 | 1 Ovirt | 1 Cockpit-ovirt | 2020-09-30 | 2.1 LOW | 7.8 HIGH |
| During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted. | |||||
| CVE-2019-1010241 | 1 Jenkins | 1 Credentials Binding | 2020-09-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. | |||||
| CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2020-09-30 | 4.0 MEDIUM | 8.8 HIGH |
| An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
| CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2020-09-30 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | |||||
| CVE-2019-1003045 | 1 Trustsource | 1 Ecs Publisher | 2020-09-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | |||||
| CVE-2018-17871 | 1 Verint | 1 Verba Collaboration Compliance And Quality Management Platform | 2020-09-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control. | |||||
| CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2020-09-29 | 2.1 LOW | 7.8 HIGH |
| A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | |||||
| CVE-2019-11402 | 1 Gradle | 1 Enterprise | 2020-09-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. | |||||
| CVE-2020-3547 | 1 Cisco | 4 Asyncos, Content Security Management Appliance, Email Security Appliance and 1 more | 2020-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface. | |||||
| CVE-2018-0474 | 1 Cisco | 1 Unified Communications Manager | 2020-08-28 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. | |||||
| CVE-2019-4697 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | |||||
| CVE-2019-4693 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2020-08-27 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. | |||||
| CVE-2020-4593 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2020-08-26 | 2.1 LOW | 4.4 MEDIUM |
| IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747. | |||||
| CVE-2020-16280 | 1 Rangee | 1 Rangeeos | 2020-08-26 | 2.1 LOW | 5.5 MEDIUM |
| Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system. | |||||
| CVE-2019-13400 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | |||||
| CVE-2018-1000425 | 1 Sonarsource | 1 Sonarqube Scanner | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube. | |||||
| CVE-2018-1000423 | 1 Atlassian | 1 Crowd2 | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | |||||
| CVE-2018-1000424 | 1 Jfrog | 1 Artifactory | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. | |||||
| CVE-2018-1000851 | 1 Copay | 1 Copay Bitcoin Wallet | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later . | |||||
| CVE-2018-12038 | 1 Samsung | 2 840 Evo, 840 Evo Firmware | 2020-08-24 | 1.9 LOW | 4.2 MEDIUM |
| An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | |||||
| CVE-2018-17500 | 1 Envoy | 1 Passport | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2018-18656 | 1 Purevpn | 1 Purevpn | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. | |||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | |||||
| CVE-2019-0120 | 1 Intel | 56 Atom 230, Atom 230 Firmware, Atom 330 and 53 more | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-0175 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2020-08-24 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0179 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2020-08-24 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0180 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2020-08-24 | 3.6 LOW | 4.4 MEDIUM |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0182 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0183 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | |||||
| CVE-2019-1010308 | 1 Aquaverde | 1 Aquarius Cms | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | |||||