Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-QJX3-4WR5-3C93

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-03T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.",
  "id": "GHSA-qjx3-4wr5-3c93",
  "modified": "2022-05-13T01:12:25Z",
  "published": "2022-05-13T01:12:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16868"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868"
    },
    {
      "type": "WEB",
      "url": "http://cat.eyalro.net"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106080"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QM43-G2XJ-HVG5

Vulnerability from github – Published: 2024-02-20 15:31 – Updated: 2025-07-29 13:05
VLAI
Summary
Liferay Portal and Liferay DXP User Enumeration Vulnerability
Details

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.portal.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.4.3.27-ga27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.2.10.fp20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.3.10.u8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.liferay.portal:release.dxp.bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.4.0"
            },
            {
              "fixed": "7.4.13.u27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-26268"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-29T13:05:12Z",
    "nvd_published_at": "2024-02-20T14:15:09Z",
    "severity": "MODERATE"
  },
  "details": "User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request\u0027s response time.",
  "id": "GHSA-qm43-g2xj-hvg5",
  "modified": "2025-07-29T13:05:12Z",
  "published": "2024-02-20T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26268"
    },
    {
      "type": "WEB",
      "url": "https://github.com/liferay/liferay-portal/commit/46db55ec21103fa39542e2cba080c4f98e3c5f93"
    },
    {
      "type": "WEB",
      "url": "https://github.com/liferay/liferay-portal/commit/d8d0ae0178a2d902b541c80a230a2c7a5ab246e8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/liferay/liferay-portal"
    },
    {
      "type": "WEB",
      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Liferay Portal and Liferay DXP User Enumeration Vulnerability"
}

GHSA-QPC3-FG4J-8HGM

Vulnerability from github – Published: 2026-03-20 20:45 – Updated: 2026-03-30 13:51
VLAI
Summary
Parse Server has a protected field change detection oracle via LiveQuery watch parameter
Details

Impact

An attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value.

Patches

The watch parameter is now validated against protected fields at subscription time, mirroring the existing validation for the where clause. Subscriptions that include protected fields in watch are rejected with a permission error. Master key connections are exempt.

Workarounds

None.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.6.0-alpha.43"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.6.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T20:45:40Z",
    "nvd_published_at": "2026-03-24T19:16:53Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAn attacker can subscribe to LiveQuery with a `watch` parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value.\n\n### Patches\n\nThe `watch` parameter is now validated against protected fields at subscription time, mirroring the existing validation for the `where` clause. Subscriptions that include protected fields in `watch` are rejected with a permission error. Master key connections are exempt.\n\n### Workarounds\n\nNone.",
  "id": "GHSA-qpc3-fg4j-8hgm",
  "modified": "2026-03-30T13:51:29Z",
  "published": "2026-03-20T20:45:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-qpc3-fg4j-8hgm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33429"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/10253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/10254"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/0c0a0a5a37ca821d2553119f2cb3be35322eda4b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/c62eacaf38de86913f09240583448360b1cc8e67"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server has a protected field change detection oracle via LiveQuery watch parameter"
}

GHSA-QPGX-23MW-7F3Q

Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00
VLAI
Details

In Content, there is a possible way to determinate the user's account due to side channel information disclosure. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199751919

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-12T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Content, there is a possible way to determinate the user\u0027s account due to side channel information disclosure. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199751919",
  "id": "GHSA-qpgx-23mw-7f3q",
  "modified": "2022-08-16T00:00:22Z",
  "published": "2022-08-13T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20304"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPV2-JXC7-3638

Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2026-02-27 20:20
VLAI
Summary
Exposure of Sensitive Information in snipe/snipe-it
Details

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.10.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "snipe/snipe-it"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-0569"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-16T22:40:14Z",
    "nvd_published_at": "2022-02-14T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.10.",
  "id": "GHSA-qpv2-jxc7-3638",
  "modified": "2026-02-27T20:20:07Z",
  "published": "2022-02-15T00:02:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0569"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/snipe/snipe-it"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Sensitive Information in snipe/snipe-it"
}

GHSA-QPWH-QX3H-P3RQ

Vulnerability from github – Published: 2022-05-01 02:00 – Updated: 2022-05-01 02:00
VLAI
Details

The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-1650"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-18T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.",
  "id": "GHSA-qpwh-qx3h-p3rq",
  "modified": "2022-05-01T02:00:41Z",
  "published": "2022-05-01T02:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1650"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/15268"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/13597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QPX9-W5WP-X7Q5

Vulnerability from github – Published: 2023-06-30 18:31 – Updated: 2024-04-04 05:19
VLAI
Details

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-30T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.",
  "id": "GHSA-qpx9-w5wp-x7q5",
  "modified": "2024-04-04T05:19:06Z",
  "published": "2023-06-30T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37305"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T326952"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQF8-627P-CH29

Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-03 18:30
VLAI
Details

In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21345"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-30T17:15:50Z",
    "severity": "LOW"
  },
  "details": "In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-qqf8-627p-ch29",
  "modified": "2023-11-03T18:30:23Z",
  "published": "2023-10-30T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21345"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/android-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QQV9-GQH5-7H99

Vulnerability from github – Published: 2022-12-25 06:30 – Updated: 2025-04-15 15:52
VLAI
Summary
Snipe-IT allows attackers to check whether a user account exists
Details

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "snipe/snipe-it"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "6.0.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-44381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T17:19:02Z",
    "nvd_published_at": "2022-12-25T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.",
  "id": "GHSA-qqv9-gqh5-7h99",
  "modified": "2025-04-15T15:52:02Z",
  "published": "2022-12-25T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44381"
    },
    {
      "type": "WEB",
      "url": "https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/snipe/snipe-it"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Snipe-IT allows attackers to check whether a user account exists"
}

GHSA-QR9M-MRGX-PV4R

Vulnerability from github – Published: 2024-12-26 12:30 – Updated: 2024-12-26 12:30
VLAI
Details

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-26T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.",
  "id": "GHSA-qr9m-mrgx-pv4r",
  "modified": "2024-12-26T12:30:45Z",
  "published": "2024-12-26T12:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8994"
    },
    {
      "type": "WEB",
      "url": "https://www.honor.com/global/security/cve-2024-8994"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.