CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-M9GX-JGM7-M42G
Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
{
"affected": [],
"aliases": [
"CVE-2016-6489"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-14T18:59:00Z",
"severity": "HIGH"
},
"details": "The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.",
"id": "GHSA-m9gx-jgm7-m42g",
"modified": "2022-05-13T01:13:29Z",
"published": "2022-05-13T01:13:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6489"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362016"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2016/596.pdf"
},
{
"type": "WEB",
"url": "https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201706-21"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2582.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/07/29/7"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3193-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M9J4-RC9X-QFM5
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
{
"affected": [],
"aliases": [
"CVE-2001-1528"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.",
"id": "GHSA-m9j4-rc9x-qfm5",
"modified": "2022-04-30T18:18:13Z",
"published": "2022-04-30T18:18:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1528"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/7185.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/3371"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M9WJ-V55G-XVQW
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.
{
"affected": [],
"aliases": [
"CVE-2017-7006"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-20T16:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.",
"id": "GHSA-m9wj-v55g-xvqw",
"modified": "2022-05-13T01:46:50Z",
"published": "2022-05-13T01:46:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7006"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201710-14"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207921"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207923"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207924"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99886"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MFQW-6J28-58X9
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 21:32Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-11284"
],
"database_specific": {
"cwe_ids": [
"CWE-1300",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T00:17:05Z",
"severity": "MODERATE"
},
"details": "Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)",
"id": "GHSA-mfqw-6j28-58x9",
"modified": "2026-06-05T21:32:03Z",
"published": "2026-06-05T00:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11284"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/502073069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MG34-5R5X-PW7R
Vulnerability from github – Published: 2025-12-17 18:31 – Updated: 2026-01-05 09:30There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.
{
"affected": [],
"aliases": [
"CVE-2025-65185"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-17T17:15:50Z",
"severity": "LOW"
},
"details": "There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.",
"id": "GHSA-mg34-5r5x-pw7r",
"modified": "2026-01-05T09:30:19Z",
"published": "2025-12-17T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65185"
},
{
"type": "WEB",
"url": "https://entrinsik.com"
},
{
"type": "WEB",
"url": "https://www.triaxiomsecurity.com/entrinsik-informer-username-enumeration-cve-2025-65185"
},
{
"type": "WEB",
"url": "http://entrinsik.com"
},
{
"type": "WEB",
"url": "http://informer.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MG79-3WXP-F4X4
Vulnerability from github – Published: 2023-07-11 21:30 – Updated: 2024-11-27 18:33A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2023-20575"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T19:15:09Z",
"severity": "MODERATE"
},
"details": "\nA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program\u2019s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\n\n\n\n\n\n\n\n\n\n",
"id": "GHSA-mg79-3wxp-f4x4",
"modified": "2024-11-27T18:33:59Z",
"published": "2023-07-11T21:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20575"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MGJ3-4CVF-J637
Vulnerability from github – Published: 2023-06-14 15:30 – Updated: 2024-04-04 04:50An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.
{
"affected": [],
"aliases": [
"CVE-2023-34878"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-14T14:15:10Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.",
"id": "GHSA-mgj3-4cvf-j637",
"modified": "2024-04-04T04:50:03Z",
"published": "2023-06-14T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34878"
},
{
"type": "WEB",
"url": "https://github.com/ujcms/ujcms/issues/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MH8F-5GW2-5WGH
Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2026-04-16 15:31The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
{
"affected": [],
"aliases": [
"CVE-2020-1968"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-326"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-09T14:15:00Z",
"severity": "MODERATE"
},
"details": "The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).",
"id": "GHSA-mh8f-5gw2-5wgh",
"modified": "2026-04-16T15:31:26Z",
"published": "2022-05-24T17:27:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1968"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200911-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4504-1"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20200909.txt"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHCQ-HVGJ-XM2H
Vulnerability from github – Published: 2024-11-05 18:32 – Updated: 2025-10-01 21:30In the Linux kernel, the following vulnerability has been resolved:
x86: fix user address masking non-canonical speculation issue
It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user space or kernel space ends up with the good old "leak speculative data" if you have the right gadget using the result:
CVE-2020-12965 “Transient Execution of Non-Canonical Accesses“
Now, the kernel surrounds the access with a STAC/CLAC pair, and those instructions end up serializing execution on older Zen architectures, which closes the speculation window.
But that was true only up until Zen 5, which renames the AC bit [1]. That improves performance of STAC/CLAC a lot, but also means that the speculation window is now open.
Note that this affects not just the new address masking, but also the regular valid_user_address() check used by access_ok(), and the asm version of the sign bit check in the get_user() helpers.
It does not affect put_user() or clear_user() variants, since there's no speculative result to be used in a gadget for those operations.
{
"affected": [],
"aliases": [
"CVE-2024-50102"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-05T18:15:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 \u201cTransient Execution of Non-Canonical Accesses\u201c\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there\u0027s no\nspeculative result to be used in a gadget for those operations.",
"id": "GHSA-mhcq-hvgj-xm2h",
"modified": "2025-10-01T21:30:28Z",
"published": "2024-11-05T18:32:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50102"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/291313693677a345d4f50aae3c68e28b469f601e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86e6b1547b3d013bc392adf775b89318441403c2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHG4-9WXF-WQV3
Vulnerability from github – Published: 2025-07-04 12:30 – Updated: 2025-07-04 12:30Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
{
"affected": [],
"aliases": [
"CVE-2025-6056"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T12:15:35Z",
"severity": "MODERATE"
},
"details": "Timing difference in password reset in Ergon Informatik AG\u0027s Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.",
"id": "GHSA-mhg4-9wxf-wqv3",
"modified": "2025-07-04T12:30:27Z",
"published": "2025-07-04T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6056"
},
{
"type": "WEB",
"url": "https://www.redguard.ch/blog/2025/07/04/cve-2025-6056-airlock-iam-username-enumeration"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.