Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-879H-24P2-CVV7

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI
Details

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-09T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-879h-24p2-cvv7",
  "modified": "2022-05-24T17:43:57Z",
  "published": "2022-05-24T17:43:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21173"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1154250"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-08"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-88RC-96XJ-2MVH

Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2025-01-07 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: heaps: Fix potential spectre v1 gadget

It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

[sumits: added fixes and cc: stable tags]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48730"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T12:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf: heaps: Fix potential spectre v1 gadget\n\nIt appears like nr could be a Spectre v1 gadget as it\u0027s supplied by a\nuser and used as an array index. Prevent the contents\nof kernel memory from being leaked to userspace via speculative\nexecution by using array_index_nospec.\n\n [sumits: added fixes and cc: stable tags]",
  "id": "GHSA-88rc-96xj-2mvh",
  "modified": "2025-01-07T00:31:39Z",
  "published": "2024-06-20T12:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48730"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8934-73X5-7J23

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14
VLAI
Details

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-12T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.",
  "id": "GHSA-8934-73x5-7j23",
  "modified": "2022-05-24T17:14:02Z",
  "published": "2022-05-24T17:14:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/2894"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-89P3-9J8C-FQH4

Vulnerability from github – Published: 2023-03-12 06:30 – Updated: 2026-02-03 17:38
VLAI
Summary
Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references.

Original Description

This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezpublish-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.13.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezpublish-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.5.0"
            },
            {
              "fixed": "7.5.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-13T20:58:01Z",
    "nvd_published_at": "2023-03-12T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references.\n\n## Original Description\n\nThis Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer.",
  "id": "GHSA-89p3-9j8c-fqh4",
  "modified": "2026-02-03T17:38:51Z",
  "published": "2023-03-12T06:30:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46876"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ezsystems/ezpublish-kernel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel",
  "withdrawn": "2026-02-03T17:38:51Z"
}

GHSA-8C4P-575F-FQ4H

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-22T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.",
  "id": "GHSA-8c4p-575f-fq4h",
  "modified": "2022-05-24T17:18:36Z",
  "published": "2022-05-24T17:18:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13413"
    },
    {
      "type": "WEB",
      "url": "https://docs.aviatrix.com/HowTos/security_bulletin_article.html#observable-response-discrepancy-from-api"
    },
    {
      "type": "WEB",
      "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8C7M-P9HJ-2J62

Vulnerability from github – Published: 2022-10-06 18:52 – Updated: 2022-10-08 00:00
VLAI
Details

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 <= and NeDi for Suse 1.0.7 <= and NeDi for FreeBSD 1.0.7 <=.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-06T18:16:00Z",
    "severity": "CRITICAL"
  },
  "details": "In certain Nedi products, a vulnerability in the web UI of NeDi login \u0026 Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password utility could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This affects NeDi 1.0.7 for OS X 1.0.7 \u003c= and NeDi for Suse 1.0.7 \u003c= and NeDi for FreeBSD 1.0.7 \u003c=.",
  "id": "GHSA-8c7m-p9hj-2j62",
  "modified": "2022-10-08T00:00:20Z",
  "published": "2022-10-06T18:52:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40895"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/UditChavda/2f2effa477a429b485ae7e2dc3bbd04f"
    },
    {
      "type": "WEB",
      "url": "https://www.nedi.ch"
    },
    {
      "type": "WEB",
      "url": "http://forum.nedi.ch/index.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8CH4-58QP-G3MP

Vulnerability from github – Published: 2021-06-11 17:43 – Updated: 2024-11-19 18:19
VLAI
Summary
Observable Timing Discrepancy in aaugustin websockets library
Details

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "websockets"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-33880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-10T16:24:45Z",
    "nvd_published_at": "2021-06-06T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.",
  "id": "GHSA-8ch4-58qp-g3mp",
  "modified": "2024-11-19T18:19:55Z",
  "published": "2021-06-11T17:43:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33880"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aaugustin/websockets"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/websockets/PYSEC-2021-95.yaml"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Observable Timing Discrepancy in aaugustin websockets library"
}

GHSA-8CWM-WR6Q-X76P

Vulnerability from github – Published: 2024-01-22 06:30 – Updated: 2024-01-26 21:30
VLAI
Details

darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23771"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-22T04:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.",
  "id": "GHSA-8cwm-wr6q-x76p",
  "modified": "2024-01-26T21:30:21Z",
  "published": "2024-01-22T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23771"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8H4Q-W278-X888

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18
VLAI
Details

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-0208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-05-16T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "PGP Security PGPfire 7.1 for Windows alters the system\u0027s TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.",
  "id": "GHSA-8h4q-w278-x888",
  "modified": "2022-04-30T18:18:45Z",
  "published": "2022-04-30T18:18:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0208"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/archive/1/252407"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/8008.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3961"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8H69-RHJ2-R69P

Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-18 00:00
VLAI
Details

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-06T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.",
  "id": "GHSA-8h69-rhj2-r69p",
  "modified": "2022-05-18T00:00:38Z",
  "published": "2022-05-07T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33845"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/splunk_user_enumeration_attempt"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.