VYPR

CWE-319

Cleartext Transmission of Sensitive Information

Base · Draft · Likelihood: High

Description

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65

CVEs mapped to this weakness (302)

page 14 of 16
  • CVE-2020-29662 · Feb 2, 2021
    risk 0.00 · cvss · epss 0.01

    In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.

  • CVE-2020-7744 · Oct 15, 2020
    risk 0.00 · cvss · epss 0.01

    This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail…

  • CVE-2020-2251 · Sep 1, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2020-2232 · Aug 12, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

  • CVE-2020-2210 · Jul 2, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2165 · Mar 25, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2156 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2020-2155 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2157 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2020-2153 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2020-2151 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2150 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2149 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2142 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.

  • CVE-2020-2143 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2114 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2019-12399 · Jan 14, 2020
    risk 0.00 · cvss · epss 0.04

    When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration…

  • CVE-2019-16568 · Dec 17, 2019
    risk 0.00 · cvss · epss 0.01

    Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.

  • CVE-2019-16545 · Nov 21, 2019
    risk 0.00 · cvss · epss 0.01

    Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2019-0231 · Oct 1, 2019
    risk 0.00 · cvss · epss 0.02

    Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should…