Vulnerabilities > Insufficiently Protected Credentials
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-15 | CVE-2022-27206 | Insufficiently Protected Credentials vulnerability in Jenkins Gitlab Authentication | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
2022-03-15 | CVE-2022-27216 | Insufficiently Protected Credentials vulnerability in Jenkins Dbcharts 0.4/0.5.2 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 6.5 |
2022-03-15 | CVE-2022-27217 | Insufficiently Protected Credentials vulnerability in Jenkins VMWare Vrealize Codestream | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
2022-03-15 | CVE-2022-27218 | Insufficiently Protected Credentials vulnerability in Jenkins Incapptic Connect Uploader | Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 4.3 |
2022-03-02 | CVE-2021-23222 | Insufficiently Protected Credentials vulnerability in Postgresql | A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | 5.9 |
2022-02-26 | CVE-2022-22908 | Insufficiently Protected Credentials vulnerability in Sangfor VDI Client 5.4.2.1006 | SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. | 5.5 |
2022-02-24 | CVE-2022-24610 | Insufficiently Protected Credentials vulnerability in Alecto Dvc-215Ip Firmware | Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the password becomes visible, which grants access to an internal network connected to the camera. | 8.6 |
2022-02-16 | CVE-2022-24982 | Insufficiently Protected Credentials vulnerability in Jqueryform | Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to access the cleartext credentials of all other form users. | 6.5 |
2022-02-15 | CVE-2022-25184 | Insufficiently Protected Credentials vulnerability in Jenkins Pipeline: Build Step | Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | 6.5 |
2022-02-11 | CVE-2021-22798 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Conext Combox Firmware | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause sensitive data such as login credentials to be exposed when a network is sniffed. | 7.5 |