Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2011-5247 | 1 Prophecyinternational | 1 Snare | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. | |||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-7213 | 1 Parallels | 1 Parallels | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
| Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site. | |||||
| CVE-2019-15023 | 1 Zingbox | 1 Inspector | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | |||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
| CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | |||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-6670 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. | |||||
| CVE-2008-7272 | 1 Getfiregpg | 1 Firegpg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key. | |||||
| CVE-2020-9407 | 1 Iblsoft | 1 Online Weather | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | |||||
| CVE-2019-14825 | 1 Theforeman | 1 Katello | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-4314 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141. | |||||
| CVE-2019-19314 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. | |||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10348 | 1 Jenkins | 1 Gogs | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-9823 | 1 Jetbrains | 1 Intellij Idea | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | |||||