Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-25 | CVE-2023-2881 | Insufficiently Protected Credentials vulnerability in Pimcore Customer-Data-Framework Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | 4.9 |
| 2023-05-22 | CVE-2023-33264 | Insufficiently Protected Credentials vulnerability in Hazelcast In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. | 4.3 |
| 2023-05-17 | CVE-2023-1763 | Insufficiently Protected Credentials vulnerability in Canon IJ Network Tool Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | 6.5 |
| 2023-05-16 | CVE-2023-2632 | Insufficiently Protected Credentials vulnerability in Jenkins Code DX Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 4.3 |
| 2023-05-16 | CVE-2023-2633 | Insufficiently Protected Credentials vulnerability in Jenkins Code DX Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. | 4.3 |
| 2023-05-16 | CVE-2023-33000 | Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. | 7.5 |
| 2023-05-16 | CVE-2023-32988 | Insufficiently Protected Credentials vulnerability in Jenkins Azure VM Agents A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2023-05-12 | CVE-2022-47880 | Insufficiently Protected Credentials vulnerability in Jedox and Jedox Cloud An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function. | 5.3 |
| 2023-05-10 | CVE-2022-40685 | Insufficiently Protected Credentials vulnerability in Intel Data Center Manager Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 |
| 2023-05-09 | CVE-2023-20046 | Insufficiently Protected Credentials vulnerability in Cisco Staros A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. | 8.8 |