Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-07-08 CVE-2022-35411 Insufficiently Protected Credentials vulnerability in Rpc.Py Project Rpc.Py
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent.
network | low complexity | rpc-py-project | CWE-522 | critical | 9.8
2022-07-06 CVE-2022-27548 Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Launch 7.0.5.10/7.1.2.6/7.2.2.1
HCL Launch stores user credentials in clear text, which can be read by a local user.
local | low complexity | hcltechsw | CWE-522 | 5.5
2022-06-30 CVE-2022-34799 Insufficiently Protected Credentials vulnerability in Jenkins Deployment Dashboard
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 4.3
2022-06-30 CVE-2022-34800 Insufficiently Protected Credentials vulnerability in Jenkins Build Notifications 1.4.2/1.4.3/1.5.0
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 4.3
2022-06-30 CVE-2022-34802 Insufficiently Protected Credentials vulnerability in Jenkins Rocketchat Notifier
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 4.3
2022-06-30 CVE-2022-34803 Insufficiently Protected Credentials vulnerability in Jenkins Opsgenie
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 4.3
2022-06-30 CVE-2022-34805 Insufficiently Protected Credentials vulnerability in Jenkins Skype Notifier 1.0/1.0.1/1.1.0
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 6.5
2022-06-30 CVE-2022-34806 Insufficiently Protected Credentials vulnerability in Jenkins Jigomerge
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 6.5
2022-06-30 CVE-2022-34807 Insufficiently Protected Credentials vulnerability in Jenkins Elasticsearch Query 1.1/1.2
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 6.5
2022-06-30 CVE-2022-34808 Insufficiently Protected Credentials vulnerability in Jenkins Cisco Spark
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
network | low complexity | jenkins | CWE-522 | 4.3