GigaVUE-OS (GVOS) 5.4 – 5.9 stores a Redis database password in plaintext.
CWE-312
CVE-2020-22783
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
CVE-2020-2274
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2020-22741
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users’ private key after obtaining the partial signature in multisignature.
CVE-2020-2177
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-2154
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.