Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-34803 | Insufficiently Protected Credentials vulnerability in Jenkins Opsgenie Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. | 4.3 |
| 2022-06-30 | CVE-2022-34805 | Insufficiently Protected Credentials vulnerability in Jenkins Skype Notifier 1.0/1.0.1/1.1.0 Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34806 | Insufficiently Protected Credentials vulnerability in Jenkins Jigomerge Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34807 | Insufficiently Protected Credentials vulnerability in Jenkins Elasticsearch Query 1.1/1.2 Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34808 | Insufficiently Protected Credentials vulnerability in Jenkins Cisco Spark Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 |
| 2022-06-30 | CVE-2022-34809 | Insufficiently Protected Credentials vulnerability in Jenkins RQM Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34816 | Insufficiently Protected Credentials vulnerability in Jenkins HPE Network Virtualization 1.0 Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-28 | CVE-2022-31887 | Insufficiently Protected Credentials vulnerability in Marvalglobal Marval MSM 14.19.0.12476 Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password. | 9.8 |
| 2022-06-27 | CVE-2022-31085 | Insufficiently Protected Credentials vulnerability in multiple products LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 6.1 |
| 2022-06-27 | CVE-2022-2221 | Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. | 6.5 |