CVE-2025-46809

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...

CVE-2025-46809 Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...

CVE-2025-46809 Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...

CVE-2025-46809

CVE-2025-46809 is a vulnerability described as plaintext storage of a password: it exposes HTTP proxy credentials found in log files for SUSE Manager components. The affected items include container images and modules such as suse/manager/4.3/proxy-httpd, suse/manager/5.0/x86_64/proxy-httpd and -...

SUSE Manager 日志信息泄露漏洞

SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration and monitoring. A log information disclosure vulnerability exists in SUSE Manager that originates from exposing HTTP proxy credentials in log files...

PT-2025-31552 · Suse · Suse Multi Linux Manager +5

Name of the Vulnerable Software and Affected Versions: SUSE Multi Linux Manager versions prior to 5.0.27-150600.3.33.1 Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.87-150400.3.110.2 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prior to 4.3.87-150400.3.110.2 Image...

CVE-2025-40680

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...

CVE-2025-40680

CapillaryScope v2.5.0 (Capillary io) stores proxy credentials and the JWT session token in plain text in Windows registry keys. This exposes sensitive data to any authenticated local user with registry read access, as noted across multiple sources (NVD/Red Hat/CIRCL/CVE records). The root cause i...

PT-2025-30662 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: CapillaryScope version 2.5.0 Description: The software lacks sensitive data encryption, storing proxy credentials and the JWT session token in plain text within Windows registry keys. Any authenticated local user with read access to the...

SUSE CVE-2025-46809

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...

CVE-2024-20490

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

CVE-2024-4472

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...

CVE-2024-55557

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...

CVE-2023-25721

Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users with access to view the job log to...

CVE-2023-28086

An HPE OneView appliance dump may expose proxy credential settings...

CVE-2020-15698

An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials...

CVE-2019-17598

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

BIT-JOOMLA-2020-15698

An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials...

CVE-2025-1696 Exposure of Proxy Credentials in Docker Desktop Logs

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an...

CVE-2025-1696 Exposure of Proxy Credentials in Docker Desktop Logs

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an...