144 matches found
Couchbase Sync Gateway信息泄露漏洞
Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web from Couchbase, Inc. A security vulnerability exists in Couchbase Sync Gateway 2.7.0 through 2.8.2, which stems from the fact that the bucket credentials used to read and write data in Couchbase...
CVE-2021-41023
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files...
CVE-2021-36165
RICON Industrial Cellular Router S9922L 16.10.33794 is affected by cleartext storage of sensitive information and sends username and password as base64...
CVE-2021-20439
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user...
PT-2021-14708 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 10.0.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through...
CVE-2021-27392
A vulnerability has been identified in Siveillance Video Open Network Bridge 2020 R3, Siveillance Video Open Network Bridge 2020 R2, Siveillance Video Open Network Bridge 2020 R1, Siveillance Video Open Network Bridge 2019 R3, Siveillance Video Open Network Bridge 2019 R2, Siveillance Video Open...
CVE-2020-27557
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials...
IBM Verify Gateway (IVG) User Credentials Plaintext Storage Vulnerability
IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. A user credentials plaintext storage vulnerability exists in IBM Verify Gateway IVG. A local attacker could exploit this vulnerability to read user credentials...
HCL BigFix Platform Credentials Plaintext Storage Vulnerability
HCL BigFix Platform is a suite of endpoint security management platform from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform that stems from the program storing credentials in...
CVE-2019-4668
IBM UrbanCode Deploy UCD 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250...
PT-2019-14727 · Jenkins · Jenkins Weibo Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Weibo Plugin versions 1.0.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to the master file system...
PT-2019-11855 · Jenkins · Jenkins Dynatrace Application Monitoring Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dynatrace Application Monitoring Plugin versions 2.1.3 and earlier Jenkins Dynatrace Application Monitoring Plugin versions prior to 2.1.4 Description: The issue concerns the storage of credentials in the global configuration file on...
Design/Logic Flaw
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11814 · Jenkins · Jenkins Assembla Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins Assembla Plugin on the Jenkins master or controlle...
PT-2019-11819 · Jenkins · Jenkins Google Calendar Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google Calendar Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. Specifically, the Google Calendar Plugin stores ...
PT-2019-17132 · Ibm · Ibm Security Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Key Lifecycle Manager versions 3.0 through 3.0.1 Description: The issue allows a local user to read user credentials stored in plain text. Recommendations: For versions 3.0 and 3.0.1, consider restricting access to the credential...
PT-2019-11757 · Jenkins · Jenkins Maven Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Release Plugin versions 0.14.0 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner on the Jenkins master, allowing users with access to the master file system to view them. Specificall...
Design/Logic Flaw
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11746 · Jenkins · Jenkins Mashup Portlets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mashup Portlets Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner on the Jenkins master, making them accessible to users with file system access. Recommendations...
CVE-2019-11402
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format...