Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-10 | CVE-2022-38121 | Insufficiently Protected Credentials vulnerability in Upspowercom Upsmon PRO 2.57. UPSMON PRO configuration file stores user password in plaintext under public user directory. | 6.5 |
2022-11-08 | CVE-2022-36077 | Insufficiently Protected Credentials vulnerability in Electronjs Electron. The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. | 6.1 |
2022-11-01 | CVE-2022-3781 | Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager. Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions; Devolutions Server 2022.3.1 and prior versions. | 6.5 |
2022-10-26 | CVE-2022-3474 | Insufficiently Protected Credentials vulnerability in Google Bazel 5.0.0. Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. | 4.3 |
2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products. The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only. | 5.5 |
2022-10-21 | CVE-2022-41575 | Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2. A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). | 7.5 |
2022-10-19 | CVE-2022-43419 | Insufficiently Protected Credentials vulnerability in Jenkins Katalon. Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system. | 6.5 |
2022-10-18 | CVE-2022-22251 | Insufficiently Protected Credentials vulnerability in Juniper Junos. On cSRX Series devices, software permission issues in the container filesystem and stored files, combined with storing passwords in a recoverable format in Juniper Networks Junos OS, allow a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. | 7.8 |
2022-10-17 | CVE-2019-14840 | Insufficiently Protected Credentials vulnerability in Redhat Decision Manager 7.0. A flaw was found in RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. | 7.5 |
2022-10-17 | CVE-2022-28291 | Insufficiently Protected Credentials vulnerability in Tenable Nessus. Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. | 6.5 |