CWE-319
Cleartext Transmission of Sensitive Information
Description
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65
CVEs mapped to this weakness (302)
Page 14 of 16

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-29662 | | | 0.00 | — | 0.01 | | Feb 2, 2021 | In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. |
| CVE-2020-7744 | | | 0.00 | — | 0.01 | | Oct 15, 2020 | This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail… |
| CVE-2020-2251 | | | 0.00 | — | 0.01 | | Sep 1, 2020 | Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2232 | | | 0.00 | — | 0.01 | | Aug 12, 2020 | Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. |
| CVE-2020-2210 | | | 0.00 | — | 0.01 | | Jul 2, 2020 | Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2165 | | | 0.00 | — | 0.01 | | Mar 25, 2020 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2156 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2155 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2157 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2153 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2151 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2150 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2149 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2142 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. |
| CVE-2020-2143 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2114 | | | 0.00 | — | 0.01 | | Feb 12, 2020 | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2019-12399 | | | 0.00 | — | 0.04 | | Jan 14, 2020 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration… |
| CVE-2019-16568 | | | 0.00 | — | 0.01 | | Dec 17, 2019 | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. |
| CVE-2019-16545 | | | 0.00 | — | 0.01 | | Nov 21, 2019 | Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2019-0231 | | | 0.00 | — | 0.02 | | Oct 1, 2019 | Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should… |