Skip to main content

CWE-549

Missing Password Field Masking

13 CVEs Avg CVSS 4.9 MITRE
0
CRITICAL
0
HIGH
9
MEDIUM
3
LOW
0
POC
0
KEV

Monthly

CVE-2026-3314 MEDIUM PATCH This Month

Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.

Information Disclosure Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer Viewpoint Hitachi Infrastructure Analytics Advisor
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-13175 Monitor

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-64170 Cargo LOW PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.8). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-31728 Maven MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31727 Maven MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30197 Maven LOW PATCH Monitor

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Zoho Qengine
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-0148 Maven LOW PATCH Monitor

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. Rated low severity (CVSS 2.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
2.6
EPSS
0.1%
CVE-2024-10122 MEDIUM This Month

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Inner Rep Plus
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2023-2062 MEDIUM This Month

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware Sw1Dnn Eipctfx5 Bd Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2023-1763 MEDIUM This Month

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ij Network Tool
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.

Information Disclosure Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer Viewpoint +1
NVD VulDB
EPSS 0%
Monitor

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector.

Information Disclosure
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.8). No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Zoho Qengine
NVD
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. Rated low severity (CVSS 2.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Jenkins
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Inner Rep Plus
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ij Network Tool
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy