Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10239 | 1 Robotronic | 1 Runasspc | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account. | |||||
| CVE-2019-10225 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. | |||||
| CVE-2019-10214 | 5 Buildah Project, Libpod Project, Opensuse and 2 more | 6 Buildah, Libpod, Leap and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens. | |||||
| CVE-2019-10210 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2024-11-21 | 1.9 LOW | 7.0 HIGH |
| Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file. | |||||
| CVE-2019-10206 | 3 Debian, Opensuse, Redhat | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. | |||||
| CVE-2019-10205 | 1 Redhat | 1 Quay | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | |||||
| CVE-2019-10139 | 1 Ovirt | 1 Cockpit-ovirt | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted. | |||||
| CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Fleet before 2.1.2 allows exposure of SMTP credentials. | |||||
| CVE-2019-1010308 | 1 Aquaverde | 1 Aquarius Cms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file. | |||||
| CVE-2019-1010241 | 1 Jenkins | 1 Credentials Binding | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. | |||||
| CVE-2019-1003097 | 1 Jenkins | 1 Crowd Integration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003096 | 1 Jenkins | 1 Testfairy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003045 | 1 Trustsource | 1 Ecs Publisher | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | |||||
| CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
| CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | |||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | |||||
| CVE-2019-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0183 | 1 Intel | 2 Open Cloud Integrity Tehnology, Openattestation | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. | |||||