Common Weakness Enumeration

CWE-319

Allowed

Cleartext Transmission of Sensitive Information

Abstraction: Base · Status: Draft

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

1147 vulnerabilities reference this CWE, most recent first.

GHSA-39G8-RV9X-HWGR

Vulnerability from github – Published: 2025-01-17 18:31 – Updated: 2025-01-17 18:31
VLAI
Details

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-17T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nexpose clear text credentials in the web portal. An attacker can access \nthe ETIC RAS web portal and view the HTML code, which is configured to \nbe hidden, thus allowing a connection to the ETIC RAS ssh server, which \ncould enable an attacker to perform actions on the device.",
  "id": "GHSA-39g8-rv9x-hwgr",
  "modified": "2025-01-17T18:31:14Z",
  "published": "2025-01-17T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26155"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-39Q9-Q8CR-48R9

Vulnerability from github – Published: 2025-03-28 15:31 – Updated: 2025-10-10 18:31
VLAI
Details

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-28T14:15:21Z",
    "severity": "MODERATE"
  },
  "details": "SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.",
  "id": "GHSA-39q9-q8cr-48r9",
  "modified": "2025-10-10T18:31:16Z",
  "published": "2025-03-28T15:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2861"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3CMQ-42W4-C529

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2024-03-27 15:30
VLAI
Details

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319",
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-29T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",
  "id": "GHSA-3cmq-42w4-c529",
  "modified": "2024-03-27T15:30:35Z",
  "published": "2022-05-24T19:16:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1334111"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213183"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220121-0008"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211029-0003"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3CPQ-RW36-CPPV

Vulnerability from github – Published: 2024-06-26 18:30 – Updated: 2024-06-26 20:07
VLAI
Summary
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Details

When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content will be stored unencrypted (only Base64 encoded) on the Jenkins controller file system.

These credentials can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).

Plain Credentials Plugin 183.va_de8f1dd5a_2b_ no longer attempts to decrypt the content of the file when creating secret file credentials.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:plain-credentials"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "183.va"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-39459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319",
      "CWE-922"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-26T20:07:12Z",
    "nvd_published_at": "2024-06-26T17:15:27Z",
    "severity": "MODERATE"
  },
  "details": "When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content will be stored unencrypted (only Base64 encoded) on the Jenkins controller file system.\n\nThese credentials can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).\n\nPlain Credentials Plugin 183.va_de8f1dd5a_2b_ no longer attempts to decrypt the content of the file when creating secret file credentials.\n",
  "id": "GHSA-3cpq-rw36-cppv",
  "modified": "2024-06-26T20:07:12Z",
  "published": "2024-06-26T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39459"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/plain-credentials-plugin/commit/ade8f1dd5a2bc69357995fd50baac56d73f80813"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/plain-credentials-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-2495"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/26/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin "
}

GHSA-3CVG-MW7Q-93PW

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-5426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-11T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.",
  "id": "GHSA-3cvg-mw7q-93pw",
  "modified": "2022-05-24T17:34:05Z",
  "published": "2022-05-24T17:34:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5426"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2020-5426"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3CVX-236H-M9FJ

Vulnerability from github – Published: 2026-03-03 21:49 – Updated: 2026-03-25 18:45
VLAI
Summary
OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access
Details

Description

In affected releases, when an operator explicitly enabled gateway.controlUi.allowInsecureAuth: true and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees.

This required an insecure deployment choice and credential exposure risk (for example, plaintext transit or prior token leak). It was fixed on main in commit 40a292619e1f2be3a3b1db663d7494c9c2dc0abf (PR #20684).

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected published versions: <= 2026.2.19-2
  • Planned patched version: 2026.2.21

Impact

In these explicitly insecure deployments, an attacker with leaked/intercepted credentials could obtain high-privilege Control UI access.

Fix Commit(s)

  • 40a292619e1f2be3a3b1db663d7494c9c2dc0abf (merged 2026-02-20)

OpenClaw thanks @Vasco0x4 for reporting.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.19-2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-319",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:49:18Z",
    "nvd_published_at": "2026-03-19T22:16:39Z",
    "severity": "MODERATE"
  },
  "details": "## Description\n\nIn affected releases, when an operator explicitly enabled `gateway.controlUi.allowInsecureAuth: true` and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees.\n\nThis required an insecure deployment choice and credential exposure risk (for example, plaintext transit or prior token leak). It was fixed on `main` in commit `40a292619e1f2be3a3b1db663d7494c9c2dc0abf` ([PR #20684](https://github.com/openclaw/openclaw/pull/20684)).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected published versions: `\u003c= 2026.2.19-2`\n- Planned patched version: `2026.2.21`\n\n## Impact\n\nIn these explicitly insecure deployments, an attacker with leaked/intercepted credentials could obtain high-privilege Control UI access.\n\n## Fix Commit(s)\n\n- `40a292619e1f2be3a3b1db663d7494c9c2dc0abf` (merged 2026-02-20)\n\nOpenClaw thanks @Vasco0x4 for reporting.",
  "id": "GHSA-3cvx-236h-m9fj",
  "modified": "2026-03-25T18:45:34Z",
  "published": "2026-03-03T21:49:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3cvx-236h-m9fj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32034"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/20684"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/40a292619e1f2be3a3b1db663d7494c9c2dc0abf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-insecure-control-ui-authentication-over-plaintext-http"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access"
}

GHSA-3F47-VG2X-225M

Vulnerability from github – Published: 2025-07-11 15:31 – Updated: 2025-07-11 15:31
VLAI
Details

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-11T13:15:59Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.",
  "id": "GHSA-3f47-vg2x-225m",
  "modified": "2025-07-11T15:31:36Z",
  "published": "2025-07-11T15:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53861"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-53861"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3F82-V3QW-53Q7

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-12-29 00:33
VLAI
Summary
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Details

Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration.

While the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Stash Branch Parameter Plugin 0.3.0 and earlier. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.

This only affects Jenkins before 2.236, including 2.235.x LTS, as Jenkins 2.236 introduces a security hardening that transparently encrypts and decrypts data used for a Jenkins password form field.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:StashBranchParameter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-29T00:33:51Z",
    "nvd_published_at": "2020-07-02T15:15:00Z",
    "severity": "LOW"
  },
  "details": "Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file `org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml` on the Jenkins controller as part of its configuration.\n\nWhile the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Stash Branch Parameter Plugin 0.3.0 and earlier. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.\n\nThis only affects Jenkins before 2.236, including 2.235.x LTS, as Jenkins 2.236 introduces a security hardening that transparently encrypts and decrypts data used for a Jenkins password form field.",
  "id": "GHSA-3f82-v3qw-53q7",
  "modified": "2022-12-29T00:33:51Z",
  "published": "2022-05-24T17:22:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2210"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/stash-branch-parameters-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/07/02/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin"
}

GHSA-3FR7-JCH8-4QJV

Vulnerability from github – Published: 2026-02-20 18:31 – Updated: 2026-02-20 18:31
VLAI
Details

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24455"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-20T17:25:51Z",
    "severity": "HIGH"
  },
  "details": "The embedded web interface of the device does not support HTTPS/TLS for \nauthentication and uses HTTP Basic Authentication. Traffic is encoded \nbut not encrypted, exposing user credentials to passive interception by \nattackers on the same network.",
  "id": "GHSA-3fr7-jch8-4qjv",
  "modified": "2026-02-20T18:31:39Z",
  "published": "2026-02-20T18:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24455"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3G2G-RCM6-RRQ2

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-06 16:40
VLAI
Summary
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Details

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:jira-steps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.165.v8846cf59f3db"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T01:19:05Z",
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.",
  "id": "GHSA-3g2g-rcm6-rrq2",
  "modified": "2023-02-06T16:40:55Z",
  "published": "2023-01-26T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24440"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2774"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin"
}

Mitigation
Architecture and Design

Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.

Mitigation
Implementation

When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.

Mitigation
Implementation

When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.

Mitigation
Testing

Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

Mitigation
Operation

Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.

CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.

CAPEC-117: Interception

An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.

CAPEC-383: Harvesting Information via API Event Monitoring

An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.

CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content

An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.

CAPEC-65: Sniff Application Code

An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.