Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2019-05-09 CVE-2019-11820 Insufficiently Protected Credentials vulnerability in Synology Calendar
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
local
low complexity
synology CWE-522
2.1
2019-04-30 CVE-2019-10318 Insufficiently Protected Credentials vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
8.8
2019-04-30 CVE-2019-10316 Insufficiently Protected Credentials vulnerability in Jenkins Aqua Microscanner
Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
8.8
2019-04-30 CVE-2019-10313 Insufficiently Protected Credentials vulnerability in Jenkins Twitter
Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
8.8
2019-04-22 CVE-2019-11402 Insufficiently Protected Credentials vulnerability in Gradle Enterprise
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format.
network
low complexity
gradle CWE-522
critical
9.8
2019-04-19 CVE-2019-11350 Insufficiently Protected Credentials vulnerability in Cloudbees Jenkins Operations Center 2.150.2.3
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
network
low complexity
cloudbees CWE-522
5.0
2019-04-18 CVE-2019-10303 Insufficiently Protected Credentials vulnerability in Jenkins Azure Publishersettings Credentials 1.0/1.1/1.2
Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
8.8
2019-04-18 CVE-2019-10302 Insufficiently Protected Credentials vulnerability in Jenkins Jira-Ext
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
8.8
2019-04-15 CVE-2019-6609 Insufficiently Protected Credentials vulnerability in F5 products
Platform dependent weakness.
network
low complexity
f5 CWE-522
5.0
2019-04-10 CVE-2019-0035 Insufficiently Protected Credentials vulnerability in Juniper Junos 15.1/15.1X49/15.1X53
When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected.
local
low complexity
juniper CWE-522
7.2