ReportizFlow
Filtered by vendor
Subscriptions
Total
1126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34808 | 1 Jenkins | 1 Cisco Spark | 2024-11-21 | 4.3 Medium |
| Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34807 | 1 Jenkins | 1 Elasticsearch Query | 2024-11-21 | 6.5 Medium |
| Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34806 | 1 Jenkins | 1 Jigomerge | 2024-11-21 | 6.5 Medium |
| Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-34805 | 1 Jenkins | 1 Skype Notifier | 2024-11-21 | 6.5 Medium |
| Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34803 | 1 Jenkins | 1 Opsgenie | 2024-11-21 | 4.3 Medium |
| Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. | ||||
| CVE-2022-34802 | 1 Jenkins | 1 Rocketchat Notifier | 2024-11-21 | 4.3 Medium |
| Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34800 | 1 Jenkins | 1 Build Notifications | 2024-11-21 | 4.3 Medium |
| Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34799 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium |
| Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34445 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 6 Medium |
| Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2022-34371 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 8.1 High |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | ||||
| CVE-2022-34311 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 4.3 Medium |
| IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446. | ||||
| CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2024-11-21 | 6.5 Medium |
| Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34202 | 1 Jenkins | 1 Easyqa | 2024-11-21 | 6.5 Medium |
| Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-34199 | 1 Jenkins | 1 Convertigo Mobile Platform | 2024-11-21 | 6.5 Medium |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-33953 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2024-11-21 | 4.6 Medium |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | ||||
| CVE-2022-33169 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | 6.5 Medium |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. | ||||
| CVE-2022-32520 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | 8 High |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) | ||||
| CVE-2022-32519 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | 8 High |
| A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) | ||||
| CVE-2022-32518 | 1 Schneider-electric | 1 Data Center Expert | 2024-11-21 | 8 High |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) | ||||
| CVE-2022-31887 | 1 Marvalglobal | 1 Marval Msm | 2024-11-21 | 9.8 Critical |
| Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password. | ||||