Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-36077 Insufficiently Protected Credentials vulnerability in Electronjs Electron
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS.
network
low complexity
electronjs CWE-522
6.1
2022-11-01 CVE-2022-3781 Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions; Devolutions Server 2022.3.1 and prior versions.
network
low complexity
devolutions CWE-522
6.5
2022-10-26 CVE-2022-3474 Insufficiently Protected Credentials vulnerability in Google Bazel 5.0.0
Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the ones required for the requests.
network
low complexity
google CWE-522
4.3
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
2022-10-21 CVE-2022-41575 Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.3.1/2022.3.2
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials).
network
low complexity
gradle CWE-522
7.5
2022-10-19 CVE-2022-43419 Insufficiently Protected Credentials vulnerability in Jenkins Katalon
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-10-17 CVE-2022-28291 Insufficiently Protected Credentials vulnerability in Tenable Nessus
Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping.
network
low complexity
tenable CWE-522
6.5
2022-10-17 CVE-2022-3206 Insufficiently Protected Credentials vulnerability in Passster Project Passster
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding, which is easy to decode.
network
high complexity
passster-project CWE-522
5.9
2022-10-13 CVE-2022-31130 Insufficiently Protected Credentials vulnerability in Grafana
Grafana is an open source observability and data visualization platform.
network
low complexity
grafana CWE-522
7.5
2022-09-29 CVE-2022-39168 Insufficiently Protected Credentials vulnerability in IBM products
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs.
network
low complexity
ibm CWE-522
7.5