Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34202 | 1 Jenkins | 1 Easyqa | 2023-11-03 | 6.5 Medium |
| Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34199 | 1 Jenkins | 1 Convertigo Mobile Platform | 2023-11-03 | 6.5 Medium |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-30952 | 1 Jenkins | 1 Blue Ocean | 2023-11-03 | 6.5 Medium |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | ||||
| CVE-2023-43905 | 1 Writercms | 1 Writercms | 2023-11-03 | 7.5 High |
| Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | ||||
| CVE-2022-25184 | 1 Jenkins | 1 Pipeline\ | 2023-11-03 | 6.5 Medium |
| Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | ||||
| CVE-2022-36901 | 1 Jenkins | 1 Http Request | 2023-11-02 | 6.5 Medium |
| Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-38665 | 1 Jenkins | 1 Collabnet | 2023-11-02 | 6.5 Medium |
| Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-38663 | 1 Jenkins | 1 Git | 2023-11-02 | 6.5 Medium |
| Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | ||||
| CVE-2021-39289 | 1 Netmodule | 16 Nb1600, Nb1601, Nb1800 and 13 more | 2023-11-02 | 7.5 High |
| Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | ||||
| CVE-2022-41255 | 1 Jenkins | 1 Cons3rt | 2023-11-01 | 6.5 Medium |
| Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-01 | 6.5 Medium |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2023-46651 | 1 Jenkins | 1 Warnings | 2023-11-01 | 6.5 Medium |
| Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | ||||
| CVE-2021-21634 | 1 Jenkins | 1 Jabber \(xmpp\) Notifier And Control | 2023-10-25 | 6.5 Medium |
| Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2021-21614 | 1 Jenkins | 1 Bumblebee Hp Alm | 2023-10-25 | 5.5 Medium |
| Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2021-21612 | 1 Jenkins | 1 Tracetronic Ecu-test | 2023-10-25 | 5.5 Medium |
| Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2319 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2023-10-25 | 6.5 Medium |
| Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2318 | 1 Jenkins | 1 Mail Commander | 2023-10-25 | 6.5 Medium |
| Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2020-2314 | 1 Jenkins | 1 Appspider | 2023-10-25 | 5.5 Medium |
| Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2297 | 1 Jenkins | 1 Sms Notification | 2023-10-25 | 3.3 Low |
| Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2291 | 1 Jenkins | 1 Couchdb-statistics | 2023-10-25 | 3.3 Low |
| Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||