Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2023-01-31 CVE-2022-44644 Cleartext Storage of Sensitive Information vulnerability in Apache Linkis
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter.
network
low complexity
apache CWE-312
6.5
2023-01-30 CVE-2023-22332 Cleartext Storage of Sensitive Information vulnerability in Pgpool Pgpool-Ii
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series.
network
low complexity
pgpool CWE-312
6.5
2023-01-27 CVE-2022-48071 Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
network
low complexity
phicomm CWE-312
7.5
2023-01-27 CVE-2022-48073 Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
network
low complexity
phicomm CWE-312
7.5
2023-01-26 CVE-2023-24439 Cleartext Storage of Sensitive Information vulnerability in Jenkins Jira Pipeline Steps
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-312
5.5
2023-01-26 CVE-2023-24442 Cleartext Storage of Sensitive Information vulnerability in Jenkins Github Pull Request Coverage Status
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-312
5.5
2023-01-26 CVE-2023-24450 Cleartext Storage of Sensitive Information vulnerability in Jenkins View-Cloner 1.0/1.1
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-312
6.5
2023-01-26 CVE-2023-24454 Cleartext Storage of Sensitive Information vulnerability in Jenkins Testquality Updater 1.1/1.3
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-312
5.5
2023-01-22 CVE-2023-24055 Cleartext Storage of Sensitive Information vulnerability in Keepass
** DISPUTED ** KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger.
local
low complexity
keepass CWE-312
5.5
2023-01-20 CVE-2022-38112 Cleartext Storage of Sensitive Information vulnerability in Solarwinds Database Performance Analyzer
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
network
low complexity
solarwinds CWE-312
7.5