CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50974
https://notcve.org/view.php?id=CVE-2023-50974
09 Jan 2024 — In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. En Appwrite CLI anterior a 3.0.0, cuando se utiliza el comando de inicio de sesión, las credenciales del usuario de Appwrite se almacenan en un archivo ~/.appwrite/prefs.json con 0644 como permisos UNIX. Cualquier usuario del sistema local puede acceder a esas credenciales. • https://appwrite.io/docs/tooling/command-line/installation • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-32550
https://notcve.org/view.php?id=CVE-2022-32550
15 Jun 2022 — An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service. Se ha detectado un problema en AgileBits 1Password, que afecta al método que usan varias aplicaciones e integraciones de 1Password para crear conexiones con el servicio de 1Password. En determin... • https://support.1password.com/kb/202206 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41092 – Docker CLI leaks private registry credentials to registry-1.docker.io
https://notcve.org/view.php?id=CVE-2021-41092
04 Oct 2021 — Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this ver... • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3781 – CF CLI does not sanitize user's password in verbose/trace/debug
https://notcve.org/view.php?id=CVE-2019-3781
07 Mar 2019 — Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password. Cloud Foudry CLI, en versiones anteriores a v6.43.0, expone contraseñas de manera incorrecta cuando verbose/trace/debugging está habilitado. Un usuario no autenticado o un usuario remoto autenticado malicioso con acceso a los logs podría obtener parte o toda la contras... • http://www.securityfocus.com/bid/107365 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-215: Insertion of Sensitive Information Into Debugging Code •