78 matches found
CVE-2019-10345
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export...
CVE-2005-2076
HP Version Control Repository Manager VCRM before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen...
BIT-GITLAB-2024-4278 Incorrect Synchronization in GitLab
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...
PT-2024-30151 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.5 through 17.2.7 GitLab EE versions 17.3 through 17.3.3 GitLab EE versions 17.4 through 17.4.0 Description: An information disclosure issue has been discovered in GitLab EE. A maintainer could obtain a Dependency Proxy...
CVE-2023-39379
Fujitsu Software Infrastructure Manager ISM stores sensitive information at the product's maintenance data ismsnap in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software...
Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext
Overview Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the...
SUSE-SU-2022:4442-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: spacewalk-java: - Version 4.2.44-1 Do not disclose Proxy password in browser console log. bsc1205339 spacewalk-web: - Version 4.2.31-1 Do not log Proxy password in browser console log. bsc1205339 susemanager-sync-data: - Version 4.2.14-1 Add SUSE Linux...
PT-2022-37537 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 4.2.44-1 and earlier spacewalk-web versions 4.2.31-1 and earlier Description: The issue concerns the disclosure of the Proxy password in the browser console log. This problem is resolved by updating the affected...
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middl...
GHSA-XX2H-2HF5-V7VV Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middl...
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Data Theorem Mobile Security: CI/CD Plugin stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Data Theorem Mobile Security: CI/CD Plugin now...
GHSA-JJMV-6FV4-85VF Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Data Theorem Mobile Security: CI/CD Plugin stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Data Theorem Mobile Security: CI/CD Plugin now...
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin prior to version 1.25 did not treat the proxy password as a secret to be masked when logging or encrypted for export...
CVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...
CVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...
CVE-2021-22799
Schneider Electric Software Update (SESU) versions 2.3.0–2.5.1 are affected by CWE-331 (Insufficient Entropy). The vulnerability could allow an attacker who decrypts the SESU proxy password stored in the registry to trigger an unintended connection from an internal network to an external network....
CVE-2021-34417
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room...
CVE-2021-34417
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room...
Zoom 多款产品输入验证错误漏洞
ZOOM Zoom Call Recording is a scalable session recording management solution.ZOOM on-premise Meeting Connector is a meeting connector.Zoom On- Premise Meeting Connector Controller and others are products of Zoom USA.Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...
Information Disclosure
com.liferay.portal.store.s3 is vulnerable to information disclosure. The S3 store's proxy password is not obfuscated, allowing attackers to steal the password via man-in-the-middle attacks or shoulder surfing...