Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-2198 | Insufficiently Protected Credentials vulnerability in Jenkins Project Inheritance Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 6.5 |
| 2020-06-01 | CVE-2014-9702 | Insufficiently Protected Credentials vulnerability in 2Pisoftware Cmfive system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | 7.5 |
| 2020-06-01 | CVE-2014-8938 | Insufficiently Protected Credentials vulnerability in Piwigo Lexiglot Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line. | 7.8 |
| 2020-05-14 | CVE-2019-13023 | Insufficiently Protected Credentials vulnerability in Jetstream Jetselect An issue was discovered in all versions of Bond JetSelect. | 6.5 |
| 2020-05-07 | CVE-2014-1423 | Insufficiently Protected Credentials vulnerability in multiple products signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. | 5.5 |
| 2020-05-07 | CVE-2020-10972 | Insufficiently Protected Credentials vulnerability in Wavlink products An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. | 7.5 |
| 2020-05-07 | CVE-2019-18868 | Insufficiently Protected Credentials vulnerability in Blaauwproducts Remote Kiln Control 3.0.0 Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | 9.8 |
| 2020-05-06 | CVE-2020-2182 | Insufficiently Protected Credentials vulnerability in Jenkins Credentials Binding Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. | 4.3 |
| 2020-05-06 | CVE-2020-2181 | Insufficiently Protected Credentials vulnerability in Jenkins Credentials Binding Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | 6.5 |
| 2020-04-27 | CVE-2020-11821 | Insufficiently Protected Credentials vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. | 5.3 |