Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-17 | CVE-2022-30952 | Insufficiently Protected Credentials vulnerability in Jenkins Blue Ocean Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | 6.5 |
| 2022-05-16 | CVE-2022-29588 | Insufficiently Protected Credentials vulnerability in Konicaminolta products Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. | 7.5 |
| 2022-05-06 | CVE-2022-28005 | Insufficiently Protected Credentials vulnerability in 3CX An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. | 9.8 |
| 2022-05-03 | CVE-2021-46440 | Insufficiently Protected Credentials vulnerability in Strapi Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | 7.5 |
| 2022-04-21 | CVE-2022-26856 | Insufficiently Protected Credentials vulnerability in Dell EMC Repository Manager 3.4.0 Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. | 7.8 |
| 2022-04-21 | CVE-2022-24867 | Insufficiently Protected Credentials vulnerability in Glpi-Project Glpi GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 7.5 |
| 2022-04-18 | CVE-2022-29457 | Insufficiently Protected Credentials vulnerability in Zohocorp products Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | 8.8 |
| 2022-04-18 | CVE-2021-3681 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Automation Platform and Ansible Galaxy A flaw was found in Ansible Galaxy Collections. | 5.5 |
| 2022-04-12 | CVE-2022-29052 | Insufficiently Protected Credentials vulnerability in Jenkins Google Compute Engine Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 4.3 |
| 2022-04-12 | CVE-2022-22550 | Insufficiently Protected Credentials vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. | 6.7 |