Total
624 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2020-2150 | 1 Jenkins | 1 Sonar Quality Gates | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2020-2149 | 1 Jenkins | 1 Repository Connector | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-16568 | 1 Jenkins | 1 Sctmexecutor | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. | |||||
CVE-2019-16545 | 1 Qmetry | 1 Jenkins Qmetry For Jira | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10435 | 1 Jenkins | 1 Sourcegear Vault | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10434 | 1 Jenkins | 1 Ldap Email | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10428 | 1 Jenkins | 1 Aqua Security Scanner | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10427 | 1 Jenkins | 1 Aqua Microscanner | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10412 | 1 Jenkins | 1 Inedo Proget | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10411 | 1 Jenkins | 1 Inedo Buildmaster | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2019-10397 | 1 Jenkins | 1 Aqua Security Severless Scanner | 2023-10-25 | 2.6 LOW | 3.1 LOW |
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10391 | 1 Jenkins | 1 Ibm Application Security On Cloud | 2023-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-10363 | 1 Jenkins | 1 Configuration As Code | 2023-10-25 | 4.0 MEDIUM | 4.9 MEDIUM |
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. | |||||
CVE-2023-34441 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2023-10-25 | N/A | 8.2 HIGH |
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | |||||
CVE-2023-41088 | 1 Dexma | 1 Dexgate | 2023-10-25 | N/A | 6.5 MEDIUM |
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network where clients have access to the DexGate server to capture traffic. The attacker can later use the information within it to access the application. | |||||
CVE-2022-22385 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 7.5 HIGH |
IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacker due to the transmission of data in clear text. IBM X-Force ID: 221962. | |||||
CVE-2022-43724 | 1 Siemens | 1 Sicam Pas/pqs | 2023-10-17 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | |||||
CVE-2023-5100 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2023-10-11 | N/A | 6.5 MEDIUM |
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. |