Vulnerabilities > Insufficiently Protected Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2020-2128 | Insufficiently Protected Credentials vulnerability in Jenkins ECX Copy Data Management Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2127 | Insufficiently Protected Credentials vulnerability in Jenkins BMC Release Package and Deployment 1.0/1.1 Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2126 | Insufficiently Protected Credentials vulnerability in Jenkins Digitalocean Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2125 | Insufficiently Protected Credentials vulnerability in Jenkins Debian Package Builder Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2124 | Insufficiently Protected Credentials vulnerability in Jenkins Dynamic Extended Choice Parameter 1.0.0/1.0.1 Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
| 2020-02-12 | CVE-2020-2119 | Insufficiently Protected Credentials vulnerability in Jenkins Azure AD Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 5.3 |
| 2020-02-12 | CVE-2020-2114 | Insufficiently Protected Credentials vulnerability in Jenkins S3 Publisher Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
| 2020-02-05 | CVE-2020-6969 | Insufficiently Protected Credentials vulnerability in Automationdirect products It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. | 10.0 |
| 2020-02-04 | CVE-2013-7055 | Insufficiently Protected Credentials vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | 9.8 |
| 2020-02-04 | CVE-2013-7052 | Insufficiently Protected Credentials vulnerability in Dlink Dir-100 Firmware 4.03B07 D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script | 9.8 |