Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2019-10-29 CVE-2019-4307 Insufficiently Protected Credentials vulnerability in IBM Security Guardium Big Data Intelligence 4.0
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user credentials in clear text, which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
2019-10-28 CVE-2019-14929 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0.
network
low complexity
mitsubishielectric inea CWE-522
5.0
2019-10-23 CVE-2019-10476 Insufficiently Protected Credentials vulnerability in Jenkins Zulip
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
local
low complexity
jenkins CWE-522
7.8
2019-10-23 CVE-2019-10467 Insufficiently Protected Credentials vulnerability in Jenkins Sonar Gerrit
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
6.5
2019-10-23 CVE-2019-10461 Insufficiently Protected Credentials vulnerability in Jenkins Dynatrace Application Monitoring
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
local
low complexity
jenkins CWE-522
7.8
2019-10-23 CVE-2019-10460 Insufficiently Protected Credentials vulnerability in Jenkins Bitbucket Oauth
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
local
low complexity
jenkins CWE-522
7.8
2019-10-23 CVE-2019-10459 Insufficiently Protected Credentials vulnerability in Jenkins Mattermost Notification
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
6.5
2019-10-18 CVE-2019-17393 Insufficiently Protected Credentials vulnerability in Tomedo Server 1.7.3
The Customer's Tomedo Server in Version 1.7.3 communicates with the Vendor Tomedo Server via HTTP (in cleartext), and this traffic can be sniffed by unauthorized actors.
network
low complexity
tomedo CWE-522
5.0
2019-10-17 CVE-2019-11284 Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones.
network
low complexity
pivotal CWE-522
5.0
2019-10-16 CVE-2019-10448 Insufficiently Protected Credentials vulnerability in Jenkins Extensive Testing 1.4.3/1.4.4
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
8.8