CVE-2024-23551

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity.

Related Vulnerabilities

CVE-2017-18695

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email ...

CWE-5222017

CVE-2018-17871

MEDIUM
CVSS:6.5(Medium)

Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.

CWE-5222018

CVE-2018-21031

MEDIUM
CVSS:6.5(Medium)

Tautulli versions 2.1.38 and below allows remote attackers to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initi...

CWE-5222018

CVE-2019-1003045

MEDIUM
CVSS:6.5(Medium)

A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token...

CWE-5222019

CVE-2019-1003096

MEDIUM
CVSS:6.5(Medium)

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file syst...

CWE-5222019

CVE-2019-1003097

MEDIUM
CVSS:6.5(Medium)

Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file syste...

CWE-5222019