Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2020-07-02 CVE-2020-2213 Insufficiently Protected Credentials vulnerability in Jenkins White Source
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system.
network
low complexity
jenkins CWE-522
4.3
2020-07-02 CVE-2020-2212 Insufficiently Protected Credentials vulnerability in Jenkins Github Coverage Reporter
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.
network
low complexity
jenkins CWE-522
4.3
2020-07-02 CVE-2020-2209 Insufficiently Protected Credentials vulnerability in Jenkins Testcomplete Support
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
4.3
2020-07-02 CVE-2020-2208 Insufficiently Protected Credentials vulnerability in Jenkins Slack Upload
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
4.3
2020-07-02 CVE-2020-3391 Insufficiently Protected Credentials vulnerability in Cisco Digital Network Architecture Center
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text.
network
low complexity
cisco CWE-522
6.5
2020-07-01 CVE-2020-5899 Insufficiently Protected Credentials vulnerability in F5 Nginx Controller
In NGINX Controller 3.0.0-3.4.0, the recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or has read access to the database to request a password reset using the email address of another registered user and then retrieve the recovery code.
local
low complexity
f5 CWE-522
7.8
2020-06-29 CVE-2019-18256 Insufficiently Protected Credentials vulnerability in Biotronik products
BIOTRONIK CardioMessenger II: the affected products use individual per-device credentials that are stored in a recoverable format.
low complexity
biotronik CWE-522
4.6
2020-06-26 CVE-2020-10727 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in the ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation.
local
low complexity
apache netapp CWE-522
5.5
2020-06-19 CVE-2020-14930 Insufficiently Protected Credentials vulnerability in BT Ctroms Terminal Project BT Ctroms Terminal
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464.
network
high complexity
bt-ctroms-terminal-project CWE-522
8.1
2020-06-19 CVE-2018-21248 Insufficiently Protected Credentials vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 5.4.0.
network
low complexity
mattermost CWE-522
7.5