Total
1267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29052 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 4.3 Medium |
| Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-28651 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 8.4 High |
| In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | ||||
| CVE-2022-28167 | 1 Broadcom | 1 Sannav | 2024-11-21 | 6.5 Medium |
| Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log | ||||
| CVE-2022-28141 | 1 Jenkins | 1 Proxmox | 2024-11-21 | 6.5 Medium |
| Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2024-11-21 | 6.5 Medium |
| Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-28005 | 1 3cx | 1 3cx | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | ||||
| CVE-2022-27776 | 7 Brocade, Debian, Fedoraproject and 4 more | 19 Fabric Operating System, Debian Linux, Fedora and 16 more | 2024-11-21 | 6.5 Medium |
| A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | ||||
| CVE-2022-27774 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 5.7 Medium |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | ||||
| CVE-2022-27560 | 1 Hcltech | 1 Versionvault Express | 2024-11-21 | 6 Medium |
| HCL VersionVault Express exposes administrator credentials. | ||||
| CVE-2022-27548 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 4.9 Medium |
| HCL Launch stores user credentials in plain clear text which can be read by a local user. | ||||
| CVE-2022-27544 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5 Medium |
| BigFix Web Reports authorized users may see SMTP credentials in clear text. | ||||
| CVE-2022-27218 | 1 Jenkins | 1 Incapptic Connect Uploader | 2024-11-21 | 4.3 Medium |
| Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27217 | 1 Jenkins | 1 Vmware Vrealize Codestream | 2024-11-21 | 6.5 Medium |
| Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-27216 | 1 Jenkins | 1 Dbcharts | 2024-11-21 | 6.5 Medium |
| Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-27206 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 6.5 Medium |
| Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-26948 | 1 Rsa | 1 Archer | 2024-11-21 | 5.8 Medium |
| The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks. | ||||
| CVE-2022-26856 | 1 Dell | 1 Emc Repository Manager | 2024-11-21 | 8.2 High |
| Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | ||||
| CVE-2022-25184 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | ||||
| CVE-2022-25180 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 4.3 Medium |
| Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | ||||
| CVE-2022-24982 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 6.5 Medium |
| Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials. | ||||