VYPR

CWE-256

Plaintext Storage of a Password

Base | Incomplete | Likelihood: High

Description

The product stores a password in plaintext within resources such as memory or files.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (153)

  • CVE-2020-2125 (Feb 12, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

  • CVE-2020-2126 (Feb 12, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.

  • CVE-2020-2124 (Feb 12, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2020-2119 (Feb 12, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2107 (Jan 29, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-16572 (Dec 17, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-16543 (Nov 21, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-10433 (Oct 1, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10434 (Oct 1, 2019)
    risk 0.00 | cvss | epss 0.01

    Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2019-10426 (Sep 25, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-10345 (Jul 31, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.

  • CVE-2019-10329 (May 31, 2019)
    risk 0.00 | cvss | epss 0.02

    Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-10302 (Apr 18, 2019)
    risk 0.00 | cvss | epss 0.01

    Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.