Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-49379

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-29 May, 2026 | 18:15
Updated At-29 May, 2026 | 19:28
Rejected At-
Credits

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:29 May, 2026 | 18:15
Updated At:29 May, 2026 | 19:28
Rejected At:
â–¼CVE Numbering Authority (CNA)

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

Affected Products
Vendor
JetBrains s.r.o.JetBrains
Product
TeamCity
Default Status
unaffected
Versions
Affected
  • From 0 before 2026.1 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-522
Type: N/A
CWE ID: N/A
Description: CWE-522
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:29 May, 2026 | 19:16
Updated At:29 May, 2026 | 20:11

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-522Primarycve@jetbrains.com
CWE ID: CWE-522
Type: Primary
Source: cve@jetbrains.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.jetbrains.com/privacy-security/issues-fixed/cve@jetbrains.com
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

176Records found
CVE-2024-47161
Matching Score-10
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-10
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 15:48
Updated-11 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-44624
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-02 May, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-49386
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-29 May, 2026 | 18:15
Updated-29 May, 2026 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

Action-Not Available
Vendor-JetBrains s.r.o.
Product-YouTrack
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-36321
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 12:30
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-41824
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 2.79%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:50
Updated-07 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-41828
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-2.6||LOW
EPSS-0.01% / 0.58%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:50
Updated-07 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2024-36364
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.21%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:28
Updated-16 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-36362
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 0.49%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:28
Updated-16 Dec, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-36377
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-27 Jan, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2024-36376
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-27 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25846
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.01%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 10:38
Updated-18 Feb, 2026 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2025-57734
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 09:14
Updated-21 Aug, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2024-56353
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 14:11
Updated-02 Jan, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2025-24461
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:23
Updated-30 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2023-38067
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.19%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 12:48
Updated-22 Oct, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-38064
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.19%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 12:48
Updated-22 Oct, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-38062
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.00% / 0.19%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 12:48
Updated-23 Oct, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-44623
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2022-28651
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-8.4||HIGH
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 17:55
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-26492
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-7.7||HIGH
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 13:56
Updated-11 Feb, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

Action-Not Available
Vendor-JetBrains s.r.o.
Product-TeamCity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-39878
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 17:07
Updated-17 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-39879
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-5||MEDIUM
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 17:07
Updated-17 Sep, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-38505
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 10:42
Updated-23 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrackyoutrack
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-37051
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-9.3||CRITICAL
EPSS-6.32% / 91.11%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 15:58
Updated-13 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4

Action-Not Available
Vendor-JetBrains s.r.o.
Product-webstormpycharmdatagripmpsintellij_ideaclionaquagolandphpstormriderrustroverrubyminedataspellPyCharmIntelliJ IDEARubyMineWebStormMPSRustRoverPhpStormGoLandAquaDataGripCLionRiderDataSpellpycharmrustroveraquadatagripgolandwebstormridermpsrubyminephpstormclionintellij_ideadataspell
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-56354
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-5.5||MEDIUM
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 14:11
Updated-02 Jan, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-47162
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 17:20
Updated-24 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-48433
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.1||MEDIUM
EPSS-0.00% / 0.19%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 12:07
Updated-12 Feb, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-43419
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 73.49%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-katalonJenkins Katalon Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-41255
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.60%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-28 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-cons3rtJenkins CONS3RT Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-41564
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.22% / 44.87%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability

The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-hawkoperational_intelligence_hawk_redtailTIBCO Operational Intelligence Hawk RedTailTIBCO Hawk
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-40685
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.64%
||
7 Day CHG-0.04%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) DCM software
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-39816
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.80%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 20:36
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.

Action-Not Available
Vendor-n/aNokia Corporation
Product-1350_optical_management_systemn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-38665
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 64.68%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 16:45
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-collabnetJenkins CollabNet Plugins Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-4679
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 08:36
Updated-02 Jul, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-active_backup_for_microsoft_365Active Backup for Microsoft 365
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-38121
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-44.28% / 97.61%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 02:20
Updated-01 May, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials

UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.

Action-Not Available
Vendor-upspowercomPOWERCOM CO., LTD.
Product-upsmon_proUPSMON PRO
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-38663
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-2.05% / 84.14%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 16:45
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

Action-Not Available
Vendor-Jenkins
Product-gitJenkins Git Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-36901
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 63.15%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:25
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-http_requestJenkins HTTP Request Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34809
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-rqmJenkins RQM Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34199
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-convertigo_mobile_platformJenkins Convertigo Mobile Platform Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34202
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-easyqaJenkins EasyQA Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34213
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-squash_tm_publisherJenkins Squash TM Publisher (Squash4Jenkins) Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34806
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-jigomergeJenkins Jigomerge Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34816
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.65%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:49
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-hpe_network_virtualizationJenkins HPE Network Virtualization Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-33169
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.13%
||
7 Day CHG~0.00%
Published-31 Jul, 2022 | 17:30
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationRobotic Process Automation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-30952
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.84%
||
7 Day CHG-0.02%
Published-17 May, 2022 | 00:00
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-blue_oceanJenkins Pipeline SCM API for Blue Ocean Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29833
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 52.93%
||
7 Day CHG~0.00%
Published-24 Nov, 2022 | 23:38
Updated-25 Apr, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_works3GX Works3
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-22115
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 44.01%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 17:28
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.

Action-Not Available
Vendor-n/aCloud Foundry
Product-capi-releasecf-deploymentCloud Control API
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-28135
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.06%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-instant-messagingJenkins instant-messaging Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-33079
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.08%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 01:05
Updated-26 Aug, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Controller information disclosure

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.

Action-Not Available
Vendor-IBM Corporation
Product-controllercognos_controllerCognos ControllerController
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-20445
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 34.81%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmaximo_for_civil_infrastructurelinux_kernelMaximo for Civil Infrastructure
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found