Vulnerabilities > Cleartext Storage of Sensitive Information
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-27 | CVE-2023-29471 | Cleartext Storage of Sensitive Information vulnerability in Lightbend Alpakka Kafka Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). | 5.5 |
2023-04-24 | CVE-2023-29480 | Cleartext Storage of Sensitive Information vulnerability in Ribose RNP Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | 7.5 |
2023-04-23 | CVE-2023-31043 | Cleartext Storage of Sensitive Information vulnerability in Enterprisedb Postgres Advanced Server EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. | 7.5 |
2023-04-19 | CVE-2023-22894 | Cleartext Storage of Sensitive Information vulnerability in Strapi Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. | 4.9 |
2023-04-14 | CVE-2023-22949 | Cleartext Storage of Sensitive Information vulnerability in Tigergraph Cloud and Tigergraph Enterprise An issue was discovered in TigerGraph Enterprise Free Edition 3.x. | 4.9 |
2023-04-12 | CVE-2023-30523 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Report Portal Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 4.3 |
2023-04-12 | CVE-2023-30527 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Wso2 Oauth 1.0 Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 4.3 |
2023-04-12 | CVE-2023-30528 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Wso2 Oauth 1.0 Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it. | 6.5 |
2023-04-12 | CVE-2023-30530 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Consul KV Builder 2.0.13 Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 4.3 |
2023-04-12 | CVE-2023-30531 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Consul KV Builder 2.0.13 Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it. | 6.5 |