Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-20 | CVE-2014-4659 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | 5.5 |
| 2020-02-20 | CVE-2014-4660 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | 5.5 |
| 2020-02-12 | CVE-2020-2133 | Insufficiently Protected Credentials vulnerability in Jenkins Applatix 1.1 Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2132 | Insufficiently Protected Credentials vulnerability in Jenkins Parasoft Environment Manager Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2131 | Insufficiently Protected Credentials vulnerability in Jenkins Harvest SCM Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2130 | Insufficiently Protected Credentials vulnerability in Jenkins Harvest SCM Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2129 | Insufficiently Protected Credentials vulnerability in Jenkins Eagle Tester Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2128 | Insufficiently Protected Credentials vulnerability in Jenkins ECX Copy Data Management Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2127 | Insufficiently Protected Credentials vulnerability in Jenkins BMC Release Package and Deployment 1.0/1.1 Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2126 | Insufficiently Protected Credentials vulnerability in Jenkins Digitalocean Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 |