Vulnerabilities > Insufficiently Protected Credentials

DATE CVE VULNERABILITY TITLE RISK
2019-04-04 CVE-2019-1003097 Insufficiently Protected Credentials vulnerability in Jenkins Crowd Integration 1.0/1.1/1.2
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
network
low complexity
jenkins CWE-522
6.5
6.5
2019-04-04 CVE-2019-1003096 Insufficiently Protected Credentials vulnerability in Jenkins Testfairy
Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
6.5
6.5
2019-03-28 CVE-2019-1003045 Insufficiently Protected Credentials vulnerability in Trustsource ECS Publisher 1.0.0
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration.
network
low complexity
trustsource CWE-522
6.5
6.5
2019-03-27 CVE-2018-19466 Insufficiently Protected Credentials vulnerability in Portainer
A vulnerability was found in Portainer before 1.20.0.
network
low complexity
portainer CWE-522
critical
 9.8
9.8
2019-03-21 CVE-2019-9868 Insufficiently Protected Credentials vulnerability in Veritas Netbackup Appliance
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2.
network
low complexity
veritas CWE-522
7.2
7.2
2019-03-21 CVE-2019-9867 Insufficiently Protected Credentials vulnerability in Veritas Netbackup Appliance
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2.
network
low complexity
veritas CWE-522
7.2
7.2
2019-03-21 CVE-2019-5723 Insufficiently Protected Credentials vulnerability in Portier 4.4.4.2/4.4.4.6
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6.
network
low complexity
portier CWE-522
critical
 9.8
9.8
2019-03-21 CVE-2018-17500 Insufficiently Protected Credentials vulnerability in Envoy Passport 2.2.5/2.4.0
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext.
local
low complexity
envoy CWE-522
7.8
7.8
2019-03-08 CVE-2019-1003039 Insufficiently Protected Credentials vulnerability in Jenkins Appdynamics
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them.
network
low complexity
jenkins CWE-522
8.8
8.8
2019-03-08 CVE-2019-1003038 Insufficiently Protected Credentials vulnerability in Jenkins Repository Connector
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g.
local
low complexity
jenkins CWE-522
7.8
7.8