Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-03 | CVE-2020-5404 | Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. | 5.9 |
| 2020-03-02 | CVE-2020-6794 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 6.5 |
| 2020-02-27 | CVE-2020-3841 | Insufficiently Protected Credentials vulnerability in Apple Iphone OS The issue was addressed with improved UI handling. | 6.5 |
| 2020-02-20 | CVE-2014-4659 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format. | 5.5 |
| 2020-02-20 | CVE-2014-4660 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | 5.5 |
| 2020-02-12 | CVE-2020-2133 | Insufficiently Protected Credentials vulnerability in Jenkins Applatix 1.1 Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2132 | Insufficiently Protected Credentials vulnerability in Jenkins Parasoft Environment Manager Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2131 | Insufficiently Protected Credentials vulnerability in Jenkins Harvest SCM Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2130 | Insufficiently Protected Credentials vulnerability in Jenkins Harvest SCM Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 |
| 2020-02-12 | CVE-2020-2129 | Insufficiently Protected Credentials vulnerability in Jenkins Eagle Tester Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 |