Vulnerabilities > Cleartext Storage of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-13 | CVE-2023-50772 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Dingding Json Pusher Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 4.3 |
| 2023-12-13 | CVE-2023-50773 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Dingding Json Pusher Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | 4.3 |
| 2023-12-13 | CVE-2023-50776 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Paaslane Estimate 1.0.4 Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 4.3 |
| 2023-12-13 | CVE-2023-50777 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Paaslane Estimate 1.0.4 Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | 4.3 |
| 2023-12-12 | CVE-2015-8314 | Cleartext Storage of Sensitive Information vulnerability in Heartcombo Devise The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | 7.5 |
| 2023-12-12 | CVE-2022-46141 | Cleartext Storage of Sensitive Information vulnerability in Siemens Simatic Step 7 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). | 5.5 |
| 2023-12-07 | CVE-2023-40238 | Cleartext Storage of Sensitive Information vulnerability in Insyde Insydeh2O A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. | 5.5 |
| 2023-11-30 | CVE-2023-46384 | Cleartext Storage of Sensitive Information vulnerability in Loytec L-Inx Configurator 7.4.10 LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. | 7.5 |
| 2023-11-30 | CVE-2023-46386 | Cleartext Storage of Sensitive Information vulnerability in Loytec Linx-151 Firmware and Linx-212 Firmware LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. | 7.5 |
| 2023-11-30 | CVE-2023-46388 | Cleartext Storage of Sensitive Information vulnerability in Loytec Linx-151 Firmware and Linx-212 Firmware LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. | 7.5 |