CWE-256
Plaintext Storage of a Password
Description
The product stores a password in plaintext within resources such as memory or files.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (153)
page 8 of 8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2125 | 0.00 | — | 0.01 | Feb 12, 2020 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||
| CVE-2020-2126 | 0.00 | — | 0.01 | Feb 12, 2020 | Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | |||
| CVE-2020-2124 | 0.00 | — | 0.01 | Feb 12, 2020 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||
| CVE-2020-2119 | 0.00 | — | 0.01 | Feb 12, 2020 | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||
| CVE-2020-2107 | 0.00 | — | 0.01 | Jan 29, 2020 | Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||
| CVE-2019-16572 | 0.00 | — | 0.00 | Dec 17, 2019 | Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||
| CVE-2019-16543 | 0.00 | — | 0.00 | Nov 21, 2019 | Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||
| CVE-2019-10433 | 0.00 | — | 0.00 | Oct 1, 2019 | Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||
| CVE-2019-10434 | 0.00 | — | 0.01 | Oct 1, 2019 | Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||
| CVE-2019-10426 | 0.00 | — | 0.00 | Sep 25, 2019 | Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||
| CVE-2019-10345 | 0.00 | — | 0.00 | Jul 31, 2019 | Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||
| CVE-2019-10329 | 0.00 | — | 0.02 | May 31, 2019 | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||
| CVE-2019-10302 | — | 0.00 | — | 0.01 | Apr 18, 2019 | Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. |
- CVE-2020-2125Feb 12, 2020risk 0.00cvss —epss 0.01
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
- CVE-2020-2126Feb 12, 2020risk 0.00cvss —epss 0.01
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.
- CVE-2020-2124Feb 12, 2020risk 0.00cvss —epss 0.01
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
- CVE-2020-2119Feb 12, 2020risk 0.00cvss —epss 0.01
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- CVE-2020-2107Jan 29, 2020risk 0.00cvss —epss 0.01
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
- CVE-2019-16572Dec 17, 2019risk 0.00cvss —epss 0.00
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- CVE-2019-16543Nov 21, 2019risk 0.00cvss —epss 0.00
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- CVE-2019-10433Oct 1, 2019risk 0.00cvss —epss 0.00
Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
- CVE-2019-10434Oct 1, 2019risk 0.00cvss —epss 0.01
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
- CVE-2019-10426Sep 25, 2019risk 0.00cvss —epss 0.00
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- CVE-2019-10345Jul 31, 2019risk 0.00cvss —epss 0.00
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.
- CVE-2019-10329May 31, 2019risk 0.00cvss —epss 0.02
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- CVE-2019-10302Apr 18, 2019risk 0.00cvss —epss 0.01
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.