CWE-522
Insufficiently Protected Credentials
Description
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-474 · CAPEC-50 · CAPEC-509 · CAPEC-551 · CAPEC-555 · CAPEC-560 · CAPEC-561 · CAPEC-600 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-653
CVEs mapped to this weakness (561)
page 18 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-4536 | — | 0.00 | — | 0.00 | May 7, 2024 | In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have… | ||
| CVE-2024-34147 | 0.00 | — | 0.01 | May 2, 2024 | Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||
| CVE-2024-29992 | 0.00 | — | 0.01 | Apr 9, 2024 | Azure Identity Library for .NET Information Disclosure Vulnerability | |||
| CVE-2024-28110 | — | 0.00 | — | 0.01 | Mar 6, 2024 | Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to… | ||
| CVE-2023-50291 | 0.00 | — | 0.03 | Feb 9, 2024 | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to… | |||
| CVE-2024-24595 | — | 0.00 | — | 0.00 | Feb 5, 2024 | Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. | ||
| CVE-2023-29055 | — | 0.00 | — | 0.01 | Jan 29, 2024 | In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers… | ||
| CVE-2023-50770 | 0.00 | — | 0.00 | Dec 13, 2023 | Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that… | |||
| CVE-2018-16153 | 0.00 | — | 0.01 | Dec 12, 2023 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | |||
| CVE-2023-49280 | 0.00 | — | 0.01 | Dec 4, 2023 | XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an… | |||
| CVE-2023-49653 | 0.00 | — | 0.01 | Nov 29, 2023 | Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||
| CVE-2023-46651 | 0.00 | — | 0.01 | Oct 25, 2023 | Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | |||
| CVE-2023-46115 | 0.00 | — | 0.00 | Oct 19, 2023 | Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled… | |||
| CVE-2023-1633 | 0.00 | — | 0.00 | Sep 24, 2023 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | |||
| CVE-2023-43631 | — | 0.00 | — | 0.00 | Sep 21, 2023 | On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root… | ||
| CVE-2023-43633 | — | 0.00 | — | 0.00 | Sep 21, 2023 | On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also… | ||
| CVE-2023-43634 | — | 0.00 | — | 0.00 | Sep 21, 2023 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that… | ||
| CVE-2023-43635 | — | 0.00 | — | 0.00 | Sep 20, 2023 | Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to… | ||
| CVE-2023-43630 | — | 0.00 | — | 0.00 | Sep 20, 2023 | PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. … | ||
| CVE-2023-40347 | 0.00 | — | 0.01 | Aug 16, 2023 | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. |
- CVE-2024-4536May 7, 2024risk 0.00cvss —epss 0.00
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have…
- CVE-2024-34147May 2, 2024risk 0.00cvss —epss 0.01
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
- CVE-2024-29992Apr 9, 2024risk 0.00cvss —epss 0.01
Azure Identity Library for .NET Information Disclosure Vulnerability
- CVE-2024-28110Mar 6, 2024risk 0.00cvss —epss 0.01
Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to…
- CVE-2023-50291Feb 9, 2024risk 0.00cvss —epss 0.03
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to…
- CVE-2024-24595Feb 5, 2024risk 0.00cvss —epss 0.00
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
- CVE-2023-29055Jan 29, 2024risk 0.00cvss —epss 0.01
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP (or other plain text protocol), it is possible for network sniffers…
- CVE-2023-50770Dec 13, 2023risk 0.00cvss —epss 0.00
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that…
- CVE-2018-16153Dec 12, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
- CVE-2023-49280Dec 4, 2023risk 0.00cvss —epss 0.01
XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an…
- CVE-2023-49653Nov 29, 2023risk 0.00cvss —epss 0.01
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
- CVE-2023-46651Oct 25, 2023risk 0.00cvss —epss 0.01
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
- CVE-2023-46115Oct 19, 2023risk 0.00cvss —epss 0.00
Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled…
- CVE-2023-1633Sep 24, 2023risk 0.00cvss —epss 0.00
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
- CVE-2023-43631Sep 21, 2023risk 0.00cvss —epss 0.00
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root…
- CVE-2023-43633Sep 21, 2023risk 0.00cvss —epss 0.00
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also…
- CVE-2023-43634Sep 21, 2023risk 0.00cvss —epss 0.00
When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that…
- CVE-2023-43635Sep 20, 2023risk 0.00cvss —epss 0.00
Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to…
- CVE-2023-43630Sep 20, 2023risk 0.00cvss —epss 0.00
PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. …
- CVE-2023-40347Aug 16, 2023risk 0.00cvss —epss 0.01
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.