Vulnerabilities (CVE)

CWE filter

CWE-312

Filter

43 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15023 1 Zingbox 1 Inspector 2019-10-11 5.0
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.
CVE-2019-17106 1 Centreon 1 Centreon Web 2019-10-10 4.0
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
CVE-2019-4566 1 Ibm 1 Security Key Lifecycle Manager 2019-10-09 2.1
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.
CVE-2019-10426 1 Jenkins 1 Gem Publisher 2019-10-09 2.1
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10425 1 Jenkins 1 Google Calendar 2019-10-09 4.0
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10424 1 Jenkins 1 Eloyente 2019-10-09 2.1
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10423 1 Jenkins 1 Codescan 2019-10-09 2.1
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10422 1 Jenkins 1 Call Remote Job 2019-10-09 4.0
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10421 1 Jenkins 1 Azure Event Grid Notifier 2019-10-09 4.0
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10420 1 Jenkins 1 Assembla 2019-10-09 2.1
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10419 1 Jenkins 1 Vfabric Application Director 2019-10-09 2.1
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10416 1 Jenkins 1 Violation Comments To Gitlab 2019-10-09 4.0
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10415 1 Jenkins 1 Violation Comments To Gitlab 2019-10-09 4.0
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
CVE-2019-10414 1 Jenkins 1 Git Changelog 2019-10-09 3.5
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10413 1 Jenkins 1 Data Theorem Mobile App Security 2019-10-09 4.0
Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CVE-2018-5559 1 Rapid7 1 Komand 2019-10-09 4.0
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over...
CVE-2018-1877 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2019-10-09 2.1
IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713.
CVE-2018-1621 1 Ibm 1 Websphere Application Server 2019-10-09 2.1
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
CVE-2018-17499 1 Envoy 1 Passport 2019-10-09 2.1
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token...
CVE-2018-17489 1 Hidglobal 1 Easylobby Solo 2019-10-09 2.1
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this...