4651 matches found
GHSA-4P59-P85X-F3WX Jenkins Delphix Plugin vulnerable to Cleartext credential storage
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-R9XC-54CQ-99R7 Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-98P6-6428-77V7 Jenkins NeoLoad Plugin stores credentials in cleartext
Jenkins NeoLoad Plugin prior to version 2.2.6 stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Jenkins elOyente Plugin has Insufficiently Protected Credentials
elOyente Plugin stores a password unencrypted in its global configuration file com.technicolor.eloyente.ElOyente.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
GHSA-HX82-2GGV-VWM5 Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
vFabric Application Director Plugin stores the Application Director password unencrypted in its global configuration file jfullam.vfabric.jenkins.plugin.ApplicationDirectorPostBuildDeployer.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller...
GHSA-QCFR-65HF-F98X Jenkins TestLink Plugin stores credentials in plain text
Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is n...
GHSA-C3R5-VXJ6-62MC Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-3H69-4FRW-G2JM Magento 2 Community Unrestricted File Upload
A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal o...
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Maven Release...
GHSA-5HHG-Q22C-6G39 Jenkins Port Allocator Plugin stores credentials in plain text
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
Password in config file in KIE server
It has been reported that KIE server and Business Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services...
Jenkins Azure AD Plugin stored the client secret unencrypted
Jenkins Azure AD Plugin stored the client secret unencrypted in the global config.xml configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Azure AD Plugin now stores the client secret encrypted...
Jenkins Aqua MicroScanner Plugin stored credentials in plain text
Jenkins Aqua MicroScanner Plugin stored credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Aqua MicroScanner Plugin now stores credentials encrypted...
Jenkins Twitter Plugin stores credentials in plain text
Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
Rengine Security Vulnerability
Rengine is an automated reconnaissance framework for gathering information during penetration testing of web applications. A security vulnerability exists in Rengine version 1.0.2, which stems from the discovery of a Remote Code Execution (RCE) vulnerability via the yaml configuration function...
CVE-2022-30018
Mobotix Control Center MxCC through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access...