Vulnerabilities > Cleartext Storage of Sensitive Information

DATE CVE VULNERABILITY TITLE RISK
2023-04-27 CVE-2023-29471 Cleartext Storage of Sensitive Information vulnerability in Lightbend Alpakka Kafka
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured).
local
low complexity
lightbend CWE-312
5.5
2023-04-24 CVE-2023-29480 Cleartext Storage of Sensitive Information vulnerability in Ribose RNP
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.
network
low complexity
ribose CWE-312
7.5
2023-04-23 CVE-2023-31043 Cleartext Storage of Sensitive Information vulnerability in Enterprisedb Postgres Advanced Server
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands.
network
low complexity
enterprisedb CWE-312
7.5
2023-04-19 CVE-2023-22894 Cleartext Storage of Sensitive Information vulnerability in Strapi
Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter.
network
low complexity
strapi CWE-312
4.9
2023-04-14 CVE-2023-22949 Cleartext Storage of Sensitive Information vulnerability in Tigergraph Cloud and Tigergraph Enterprise
An issue was discovered in TigerGraph Enterprise Free Edition 3.x.
network
low complexity
tigergraph CWE-312
4.9
2023-04-12 CVE-2023-30523 Cleartext Storage of Sensitive Information vulnerability in Jenkins Report Portal
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-312
4.3
2023-04-12 CVE-2023-30527 Cleartext Storage of Sensitive Information vulnerability in Jenkins Wso2 Oauth 1.0
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-312
4.3
2023-04-12 CVE-2023-30528 Cleartext Storage of Sensitive Information vulnerability in Jenkins Wso2 Oauth 1.0
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.
network
low complexity
jenkins CWE-312
6.5
2023-04-12 CVE-2023-30530 Cleartext Storage of Sensitive Information vulnerability in Jenkins Consul KV Builder 2.0.13
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-312
4.3
2023-04-12 CVE-2023-30531 Cleartext Storage of Sensitive Information vulnerability in Jenkins Consul KV Builder 2.0.13
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it.
network
low complexity
jenkins CWE-312
6.5