VYPR

CWE-311

Missing Encryption of Sensitive Data

Class · Draft · Likelihood: High

Description

The product does not encrypt sensitive or critical information before storage or transmission.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-157 · CAPEC-158 · CAPEC-204 · CAPEC-31 · CAPEC-37 · CAPEC-383 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-477 · CAPEC-609 · CAPEC-65

CVEs mapped to this weakness (303)

page 12 of 16
  • CVE-2025-64144 · Oct 29, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

  • CVE-2025-64143 · Oct 29, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

  • CVE-2025-59410 · Sep 17, 2025
    risk 0.00 · cvss · epss 0.00

    Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle…

  • CVE-2025-53678 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

  • CVE-2025-53676 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

  • CVE-2025-53673 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

  • CVE-2025-53668 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

  • CVE-2025-53666 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

  • CVE-2025-53663 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

  • CVE-2025-53659 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

  • CVE-2025-53653 · Jul 9, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

  • CVE-2025-31728 · Apr 2, 2025
    risk 0.00 · cvss · epss 0.00

    Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

  • CVE-2024-43382 · Oct 30, 2024
    risk 0.00 · cvss · epss 0.00

    Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.

  • CVE-2024-47871 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.00

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing…

  • CVE-2024-23444 · Jul 31, 2024
    risk 0.00 · cvss · epss 0.00

    It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed…

  • CVE-2024-35061 · May 21, 2024
    risk 0.00 · cvss · epss 0.01

    NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.

  • CVE-2024-28250 · Mar 18, 2024
    risk 0.00 · cvss · epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent…

  • CVE-2024-28249 · Mar 18, 2024
    risk 0.00 · cvss · epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on…

  • CVE-2024-25631 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and WireGuard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14…

  • CVE-2024-25630 · Feb 20, 2024
    risk 0.00 · cvss · epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and WireGuard transparent encryption, traffic to/from the Ingress and health endpoints is not…