VYPR

CWE-312

Cleartext Storage of Sensitive Information

Base | Draft

Description

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-37

CVEs mapped to this weakness (269)

page 13 of 14
  • CVE-2020-26228 (Nov 23, 2020)
    risk 0.00 | cvss | epss 0.01

    TYPO3 is an open source PHP-based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10, user session identifiers were stored in cleartext, without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly…

  • CVE-2020-2274 (Sep 16, 2020)
    risk 0.00 | cvss | epss 0.00

    Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

  • CVE-2020-17495 (Aug 11, 2020)
    risk 0.00 | cvss | epss 0.01

    django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.

  • CVE-2020-15105 (Jul 10, 2020)
    risk 0.00 | cvss | epss 0.01

    Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a…

  • CVE-2020-12458 (Apr 29, 2020)
    risk 0.00 | cvss | epss 0.00

    An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

  • CVE-2020-2177 (Apr 16, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2020-2164 (Mar 25, 2020)
    risk 0.00 | cvss | epss 0.01

    Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

  • CVE-2019-10682 (Mar 18, 2020)
    risk 0.00 | cvss | epss 0.01

    django-nopassword before 5.0.0 stores cleartext secrets in the database.

  • CVE-2020-2154 (Mar 9, 2020)
    risk 0.00 | cvss | epss 0.00

    Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.

  • CVE-2019-14825 (Nov 25, 2019)
    risk 0.00 | cvss | epss 0.01

    A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged…

  • CVE-2019-8118 (Nov 5, 2019)
    risk 0.00 | cvss | epss 0.01

    Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts.

  • CVE-2019-10453 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-10452 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10450 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-10451 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.00

    Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

  • CVE-2019-10449 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.01

    Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10447 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.01

    Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10448 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.01

    Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10443 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.02

    Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2019-10440 (Oct 16, 2019)
    risk 0.00 | cvss | epss 0.01

    Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.