Total
1286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34808 | 1 Jenkins | 1 Cisco Spark | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34807 | 1 Jenkins | 1 Elasticsearch Query | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34806 | 1 Jenkins | 1 Jigomerge | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
|
|||||
| CVE-2022-34805 | 1 Jenkins | 1 Skype Notifier | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34803 | 1 Jenkins | 1 Opsgenie | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.
|
|||||
| CVE-2022-34802 | 1 Jenkins | 1 Rocketchat Notifier | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34800 | 1 Jenkins | 1 Build Notifications | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34799 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34371 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 8.1 HIGH |
|
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.
|
|||||
| CVE-2022-34311 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.
|
|||||
| CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34202 | 1 Jenkins | 1 Easyqa | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-34199 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
|
|||||
| CVE-2022-33953 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.
|
|||||
| CVE-2022-33169 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.
|
|||||
| CVE-2022-32520 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | N/A | 8.0 HIGH |
|
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)
|
|||||
| CVE-2022-32519 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | N/A | 8.0 HIGH |
|
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)
|
|||||
| CVE-2022-32518 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | N/A | 8.0 HIGH |
|
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)
|
|||||
| CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
|
|||||
| CVE-2022-31130 | 1 Grafana | 1 Grafana | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication ...
Show More |
|||||
| CVE-2022-31085 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.
|
|||||
| CVE-2022-31044 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have ...
Show More |
|||||
| CVE-2022-30952 | 1 Jenkins | 1 Blue Ocean | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
|
|||||
| CVE-2022-30587 | 1 Gradle | 1 Gradle Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure.
|
|||||
| CVE-2022-30018 | 1 Mobotix | 1 Mxcontrolcenter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations.
|
|||||
| CVE-2022-2967 | 1 Prosysopc | 2 Ua Modbus Server, Ua Simulation Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.
|
|||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
|
|||||
| CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 6.4 MEDIUM | 9.8 CRITICAL |
|
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.
|
|||||
| CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.
|
|||||
| CVE-2022-29839 | 2 Linux, Westerndigital | 12 Linux Kernel, My Cloud, My Cloud Dl2100 and 9 more | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
|
|||||
| CVE-2022-29833 | 1 Mitsubishielectric | 1 Gx Works3 | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.
|
|||||
| CVE-2022-29588 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.
|
|||||
| CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
|
|||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
|
|||||
| CVE-2022-29085 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
|
|||||
| CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
|
|||||
| CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
|
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
|
|||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log
|
|||||
| CVE-2022-28141 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
|
|||||
| CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
|
|||||