How severe is CVE-2019-15635?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2019-15635?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2019-15635 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.

Related Vulnerabilities

CVE-2019-10363

MEDIUM

CVSS:4.9(Medium)

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.

CWE-3192019

CVE-2019-3619

MEDIUM

CVSS:4.9(Medium)

Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive inform...

CWE-3192019

CVE-2020-8355

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed s...

CWE-3192020

CVE-2020-8356

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in cle...

CWE-3192020

CVE-2021-25643

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cle...

CWE-3192021

CVE-2021-3417

MEDIUM

CVSS:4.9(Medium)

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an...

CWE-3192021