Lucene search
+L

78 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.17 views

CVE-2019-10345

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export...

5.5CVSS7AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:50 p.m.9 views

CVE-2005-2076

HP Version Control Repository Manager VCRM before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen...

2.1CVSS6.7AI score0.00514EPSS
Exploits0References1
OSV
OSV
added 2024/09/27 7:24 a.m.149 views

BIT-GITLAB-2024-4278 Incorrect Synchronization in GitLab

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...

5.5CVSS4.1AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.5 views

PT-2024-30151 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.5 through 17.2.7 GitLab EE versions 17.3 through 17.3.3 GitLab EE versions 17.4 through 17.4.0 Description: An information disclosure issue has been discovered in GitLab EE. A maintainer could obtain a Dependency Proxy...

5.5CVSS6.5AI score0.00233EPSS
Exploits0References9
OSV
OSV
added 2023/08/04 10:15 a.m.4 views

CVE-2023-39379

Fujitsu Software Infrastructure Manager ISM stores sensitive information at the product's maintenance data ismsnap in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software...

7.5CVSS5.7AI score0.00351EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/04 8:31 a.m.3 views

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Overview Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the...

7.5CVSS6.8AI score0.00351EPSS
Exploits0References5
OSV
OSV
added 2022/12/13 7:39 a.m.1 views

SUSE-SU-2022:4442-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: spacewalk-java: - Version 4.2.44-1 Do not disclose Proxy password in browser console log. bsc1205339 spacewalk-web: - Version 4.2.31-1 Do not log Proxy password in browser console log. bsc1205339 susemanager-sync-data: - Version 4.2.14-1 Add SUSE Linux...

7.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.3 views

PT-2022-37537 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 4.2.44-1 and earlier spacewalk-web versions 4.2.31-1 and earlier Description: The issue concerns the disclosure of the Proxy password in the browser console log. This problem is resolved by updating the affected...

7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 7:2 p.m.7 views

Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middl...

5.9CVSS6.8AI score0.00738EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/05/24 7:2 p.m.3 views

GHSA-XX2H-2HF5-V7VV Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middl...

5.9CVSS5.9AI score0.00738EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:56 p.m.28 views

Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials

Data Theorem Mobile Security: CI/CD Plugin stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Data Theorem Mobile Security: CI/CD Plugin now...

6.5CVSS1.8AI score0.01001EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 4:56 p.m.26 views

GHSA-JJMV-6FV4-85VF Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials

Data Theorem Mobile Security: CI/CD Plugin stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Data Theorem Mobile Security: CI/CD Plugin now...

4.3CVSS6.5AI score0.01001EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.29 views

Plaintext Storage of a Password in Jenkins Configuration as Code Plugin

Jenkins Configuration as Code Plugin prior to version 1.25 did not treat the proxy password as a secret to be masked when logging or encrypted for export...

5.5CVSS2.9AI score0.0033EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/01/28 8:15 p.m.5 views

CVE-2021-22799

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...

3.8CVSS5.8AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 8:15 p.m.11 views

CVE-2021-22799

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1...

3.8CVSS0.00237EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:9 p.m.54 views

CVE-2021-22799

Schneider Electric Software Update (SESU) versions 2.3.0–2.5.1 are affected by CWE-331 (Insufficient Entropy). The vulnerability could allow an attacker who decrypts the SESU proxy password stored in the registry to trigger an unintended connection from an internal network to an external network....

3.8CVSS4.4AI score0.00237EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/11/11 11:15 p.m.35 views

CVE-2021-34417

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room...

9CVSS0.01238EPSS
Exploits0References1
OSV
OSV
added 2021/11/11 11:15 p.m.4 views

CVE-2021-34417

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room...

7.2CVSS7.1AI score0.01238EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/11 12:0 a.m.6 views

Zoom 多款产品输入验证错误漏洞

ZOOM Zoom Call Recording is a scalable session recording management solution.ZOOM on-premise Meeting Connector is a meeting connector.Zoom On- Premise Meeting Connector Controller and others are products of Zoom USA.Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...

9CVSS7.3AI score0.01238EPSS
Exploits0References2
Veracode
Veracode
added 2021/05/18 5:54 a.m.16 views

Information Disclosure

com.liferay.portal.store.s3 is vulnerable to information disclosure. The S3 store's proxy password is not obfuscated, allowing attackers to steal the password via man-in-the-middle attacks or shoulder surfing...

5.9CVSS4.4AI score0.00738EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder