CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-879H-24P2-CVV7
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-21173"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-09T18:15:00Z",
"severity": "MODERATE"
},
"details": "Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-879h-24p2-cvv7",
"modified": "2022-05-24T17:43:57Z",
"published": "2022-05-24T17:43:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21173"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1154250"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4886"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-88RC-96XJ-2MVH
Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2025-01-07 00:31In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix potential spectre v1 gadget
It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.
[sumits: added fixes and cc: stable tags]
{
"affected": [],
"aliases": [
"CVE-2022-48730"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T12:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix potential spectre v1 gadget\n\nIt appears like nr could be a Spectre v1 gadget as it\u0027s supplied by a\nuser and used as an array index. Prevent the contents\nof kernel memory from being leaked to userspace via speculative\nexecution by using array_index_nospec.\n\n [sumits: added fixes and cc: stable tags]",
"id": "GHSA-88rc-96xj-2mvh",
"modified": "2025-01-07T00:31:39Z",
"published": "2024-06-20T12:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48730"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8934-73X5-7J23
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
{
"affected": [],
"aliases": [
"CVE-2020-11713"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-12T17:15:00Z",
"severity": "MODERATE"
},
"details": "wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.",
"id": "GHSA-8934-73x5-7j23",
"modified": "2022-05-24T17:14:02Z",
"published": "2022-05-24T17:14:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11713"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/2894"
},
{
"type": "WEB",
"url": "https://gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-89P3-9J8C-FQH4
Vulnerability from github – Published: 2023-03-12 06:30 – Updated: 2026-02-03 17:38Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references.
Original Description
This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "ezsystems/ezpublish-kernel"
},
"ranges": [
{
"events": [
{
"introduced": "6.13.0"
},
{
"fixed": "6.13.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "ezsystems/ezpublish-kernel"
},
"ranges": [
{
"events": [
{
"introduced": "7.5.0"
},
{
"fixed": "7.5.15.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-13T20:58:01Z",
"nvd_published_at": "2023-03-12T05:15:00Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references.\n\n## Original Description\n\nThis Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer.",
"id": "GHSA-89p3-9j8c-fqh4",
"modified": "2026-02-03T17:38:51Z",
"published": "2023-03-12T06:30:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46876"
},
{
"type": "WEB",
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"type": "PACKAGE",
"url": "https://github.com/ezsystems/ezpublish-kernel"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel",
"withdrawn": "2026-02-03T17:38:51Z"
}
GHSA-8C4P-575F-FQ4H
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
{
"affected": [],
"aliases": [
"CVE-2020-13413"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-22T21:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.",
"id": "GHSA-8c4p-575f-fq4h",
"modified": "2022-05-24T17:18:36Z",
"published": "2022-05-24T17:18:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13413"
},
{
"type": "WEB",
"url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api"
},
{
"type": "WEB",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8C7M-P9HJ-2J62
Vulnerability from github – Published: 2022-10-06 18:52 – Updated: 2022-10-08 00:00In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=.
{
"affected": [],
"aliases": [
"CVE-2022-40895"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-06T18:16:00Z",
"severity": "CRITICAL"
},
"details": "In certain Nedi products, a vulnerability in the web UI of NeDi login \u0026 Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 \u003c= and NeDi for Suse 1.0.7 \u003c= and NeDi for FreeBSD 1.0.7 \u003c=.",
"id": "GHSA-8c7m-p9hj-2j62",
"modified": "2022-10-08T00:00:20Z",
"published": "2022-10-06T18:52:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40895"
},
{
"type": "WEB",
"url": "https://gist.github.com/UditChavda/2f2effa477a429b485ae7e2dc3bbd04f"
},
{
"type": "WEB",
"url": "https://www.nedi.ch"
},
{
"type": "WEB",
"url": "http://forum.nedi.ch/index.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CH4-58QP-G3MP
Vulnerability from github – Published: 2021-06-11 17:43 – Updated: 2024-11-19 18:19The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "websockets"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-33880"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-10T16:24:45Z",
"nvd_published_at": "2021-06-06T15:15:00Z",
"severity": "HIGH"
},
"details": "The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.",
"id": "GHSA-8ch4-58qp-g3mp",
"modified": "2024-11-19T18:19:55Z",
"published": "2021-06-11T17:43:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33880"
},
{
"type": "WEB",
"url": "https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0"
},
{
"type": "WEB",
"url": "https://github.com/aaugustin/websockets"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/websockets/PYSEC-2021-95.yaml"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Observable Timing Discrepancy in aaugustin websockets library"
}
GHSA-8CWM-WR6Q-X76P
Vulnerability from github – Published: 2024-01-22 06:30 – Updated: 2024-01-26 21:30darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
{
"affected": [],
"aliases": [
"CVE-2024-23771"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-22T04:15:07Z",
"severity": "CRITICAL"
},
"details": "darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.",
"id": "GHSA-8cwm-wr6q-x76p",
"modified": "2024-01-26T21:30:21Z",
"published": "2024-01-22T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23771"
},
{
"type": "WEB",
"url": "https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04"
},
{
"type": "WEB",
"url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8H4Q-W278-X888
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
{
"affected": [],
"aliases": [
"CVE-2002-0208"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-05-16T04:00:00Z",
"severity": "MODERATE"
},
"details": "PGP Security PGPfire 7.1 for Windows alters the system\u0027s TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.",
"id": "GHSA-8h4q-w278-x888",
"modified": "2022-04-30T18:18:45Z",
"published": "2022-04-30T18:18:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0208"
},
{
"type": "WEB",
"url": "http://online.securityfocus.com/archive/1/252407"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/8008.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3961"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8H69-RHJ2-R69P
Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-18 00:00The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
{
"affected": [],
"aliases": [
"CVE-2021-33845"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-06T17:15:00Z",
"severity": "MODERATE"
},
"details": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.",
"id": "GHSA-8h69-rhj2-r69p",
"modified": "2022-05-18T00:00:38Z",
"published": "2022-05-07T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33845"
},
{
"type": "WEB",
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt"
},
{
"type": "WEB",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.