Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-39879

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-01 Jul, 2024 | 17:07
Updated At-02 Aug, 2024 | 04:33
Rejected At-
Credits

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:01 Jul, 2024 | 17:07
Updated At:02 Aug, 2024 | 04:33
Rejected At:
▼CVE Numbering Authority (CNA)

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

Affected Products
Vendor
JetBrains s.r.o.JetBrains
Product
TeamCity
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.03.3 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-522
Type: N/A
CWE ID: N/A
Description: CWE-522
Metrics
VersionBase scoreBase severityVector
3.15.0MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
JetBrains s.r.o.jetbrains
Product
teamcity
CPEs
  • cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.03.3 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
x_transferred
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:01 Jul, 2024 | 17:15
Updated At:17 Sep, 2024 | 18:57

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.15.0MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CPE Matches
JetBrains s.r.o.
jetbrains
>>teamcity>>Versions before 2024.03.3(exclusive)
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE-522Secondarycve@jetbrains.com
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-522
Type: Secondary
Source: cve@jetbrains.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.jetbrains.com/privacy-security/issues-fixed/cve@jetbrains.com
Vendor Advisory
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

74Records found
CVE-2025-26492
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-7.7||HIGH
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 13:56
Updated-11 Feb, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

Action-Not Available
Vendor-JetBrains s.r.o.
Product-TeamCity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-9873
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 18:43
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-9823
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 18:11
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-11694
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.05%
||
7 Day CHG~0.00%
Published-10 Apr, 2020 | 20:46
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3.

Action-Not Available
Vendor-n/aMicrosoft CorporationJetBrains s.r.o.
Product-windowspycharmn/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-9872
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 18:40
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-47161
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 15:48
Updated-11 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-7909
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 17:12
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-39342
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.47%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 19:39
Updated-31 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credova_Financial <= 1.4.8 Sensitive Information Disclosure

The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.

Action-Not Available
Vendor-credovaCredova Financial
Product-financialCredova_Financial
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-42172
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.19%
||
7 Day CHG~0.00%
Published-11 Jan, 2025 | 06:44
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL MyXalytics is affected by broken authentication

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsDRYiCE MyXalytics
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-30169
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.94% / 75.28%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 09:30
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-2

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

Action-Not Available
Vendor-meritlilinMERIT LILIN ENT.CO.,LTD.
Product-p2g1022x_firmwarep2r8822e4_firmwarep3r6322e2_firmwarez2r6422ax-pz3r6422x3z2r6452ax-pp3r8822e2z2r8152x2-p_firmwarep2r6522e2_firmwarez2r8852ax_firmwarep2r6822e2p2g1022z2r8152x-pp3r6522e2_firmwarez2r6522xz2r8152x2-pp2r6852e4p2g1022_firmwarep2r8852e2z2r6422axz3r8922x3p2r6322ae2p2r6852e2_firmwarep2r6522e4p2r6352ae2_firmwarez2r8852axp2r8852e4_firmwarep2r6322ae2_firmwarez2r8822ax_firmwarez2r6522x_firmwarep2g1022xz3r6422x3_firmwarep2r6522e2z2r8122x2-pp2r6822e4p2r6552e4_firmwarez2r8022ex25z2r8052ex25z2r8822axp2r8822e2p2r6552e2z2r8122x-p_firmwarez2r6422ax-p_firmwarep2r6552e2_firmwarez2r6422ax_firmwarep2r6352ae4_firmwarez2r6552xp2r8852e2_firmwarez2r6552x_firmwarez2r8152x-p_firmwarez2r6452axp2r3052ae2_firmwarep2g1052_firmwarez2r8122x-pp2r6852e2p2r3022ae2_firmwarep2r3052ae2p2r6322ae4_firmwarep3r6322e2p2r6822e2_firmwarep2r8822e2_firmwarez2r6452ax_firmwarep2r6352ae2z2r8022ex25_firmwarep2r6322ae4p2r3022ae2p3r6522e2z3r6522xp2r8822e4p2r6852e4_firmwarep2r6552e4z3r6522x_firmwarep3r8822e2_firmwarep2g1052p2r8852e4z2r8122x2-p_firmwarep2r6822e4_firmwarep2r6522e4_firmwarez2r6452ax-p_firmwarez3r8922x3_firmwarep2r6352ae4z2r8052ex25_firmwareP2/Z2/P3/Z3 IP camera firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-7813
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.36%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 03:00
Updated-19 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System Profile Image insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-7565
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.67%
||
7 Day CHG+0.02%
Published-14 Jul, 2025 | 02:44
Updated-17 Jul, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-lb-linkLB-LINK
Product-bl-ac3600_firmwarebl-ac3600BL-AC3600
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-54394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.46%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-11 Aug, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.

Action-Not Available
Vendor-netwrixn/a
Product-directory_managern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-23463
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunell DVR – Insufficiently Protected Credentials

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.

Action-Not Available
Vendor-sunellsecuritySunell
Product-sn-adr3808e2_firmwaresn-xvr3808e2_firmwaresn-xvr3808e2sn-adr3804e1_firmwaresn-adr3816e1sn-adr3804e1sn-adr3808e1sn-adr3816e1_firmwaresn-adr3816e2_firmwaresn-adr3808e1_firmwaresn-adr3816e2sn-xvr3804e1_firmwaresn-adr3808e2sn-xvr3804e1DVR
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-21237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:33
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-21239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:31
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-53667
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.59%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 15:39
Updated-18 Jul, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Action-Not Available
Vendor-Jenkins
Product-dead_man\'s_snitchJenkins Dead Man's Snitch Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-53743
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 15:39
Updated-10 Jul, 2025 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Action-Not Available
Vendor-Jenkins
Product-Jenkins Applitools Eyes Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-44758
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:00
Updated-18 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper credential handling

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_insights_for_vulnerability_remediationBigFix Insights for Vulnerability Remediation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-38739
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 15:53
Updated-18 Aug, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2119
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.11%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 14:35
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Action-Not Available
Vendor-Jenkins
Product-azure_adJenkins Azure AD Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-11821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.67% / 70.50%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:19
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

Action-Not Available
Vendor-rukovoditeln/a
Product-rukovoditeln/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-32280
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.69%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-14 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Server Product OpenBMC firmwareeagle_stream
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-47109
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 16:01
Updated-11 Mar, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling File Gateway information disclosure

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.

Action-Not Available
Vendor-IBM Corporation
Product-Sterling File Gateway
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • Next
Details not found