CWE-209
AllowedGeneration of Error Message Containing Sensitive Information
Abstraction: Base · Status: Draft
The product generates an error message that includes sensitive information about its environment, users, or associated data.
833 vulnerabilities reference this CWE, most recent first.
GHSA-28PP-6J97-MMC8
Vulnerability from github – Published: 2024-12-19 18:31 – Updated: 2025-01-10 15:31IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.
{
"affected": [],
"aliases": [
"CVE-2024-52896"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-19T17:15:09Z",
"severity": "MODERATE"
},
"details": "IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.",
"id": "GHSA-28pp-6j97-mmc8",
"modified": "2025-01-10T15:31:33Z",
"published": "2024-12-19T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52896"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7178244"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7179152"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-29JJ-Q7XF-WJ3R
Vulnerability from github – Published: 2025-03-12 12:30 – Updated: 2025-03-12 12:30Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.
{
"affected": [],
"aliases": [
"CVE-2025-2239"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-12T10:15:19Z",
"severity": "MODERATE"
},
"details": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.",
"id": "GHSA-29jj-q7xf-wj3r",
"modified": "2025-03-12T12:30:59Z",
"published": "2025-03-12T12:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2239"
},
{
"type": "WEB",
"url": "https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-29P5-CHFQ-8H6J
Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-14 00:00Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research.
{
"affected": [],
"aliases": [
"CVE-2022-33930"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-10T17:15:00Z",
"severity": "HIGH"
},
"details": "Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research.",
"id": "GHSA-29p5-chfq-8h6j",
"modified": "2022-08-14T00:00:23Z",
"published": "2022-08-11T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33930"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-29PR-6JR8-Q5JM
Vulnerability from github – Published: 2023-03-21 22:31 – Updated: 2023-03-22 21:49Impact
When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.
The below must be true in order for these sensitive values to be leaked:
1. Your Sentry SDK configuration has sendDefaultPII set to True
2. You are using a custom name for either of the cookies below in your Django settings.
- SESSION_COOKIE_NAME or
- CSRF_COOKIE_NAME Django settings
3. You are not configured in your organization or project settings to use our data scrubbing features to account for the custom cookie names
Patches
As of version 1.14.0, the Django integration of the sentry-sdk will detect the custom cookie names based on your Django settings and will remove the values from the payload before sending the data to Sentry.
Workarounds
If you can not update your sentry-sdk to a patched version than you can use the SDKs filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events this can be done with the before_send callback method and for performance related events (transactions) you can use the before_send_transaction callback method.
If you'd like to handle filtering of these values on the server-side, you can also use our advanced data scrubbing feature to account for the custom cookie names. Look for the $http.cookies, $http.headers, $request.cookies, or $request.headers fields to target with your scrubbing rule.
References
Credits
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "sentry-sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28117"
],
"database_specific": {
"cwe_ids": [
"CWE-201",
"CWE-209"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-21T22:31:19Z",
"nvd_published_at": "2023-03-22T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWhen using the [Django integration](https://docs.sentry.io/platforms/python/guides/django/) of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.\n\nThe below must be true in order for these sensitive values to be leaked:\n1. Your Sentry SDK configuration has `sendDefaultPII` set to `True`\n2. You are using a custom name for either of the cookies below in your Django settings.\n - [`SESSION_COOKIE_NAME`](https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-SESSION_COOKIE_NAME) or \n - [`CSRF_COOKIE_NAME`](https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_COOKIE_NAME) Django settings\n3. You are not configured in your organization or project settings to use [our data scrubbing features](https://docs.sentry.io/product/data-management-settings/scrubbing/) to account for the custom cookie names\n\n### Patches\nAs of version `1.14.0`, the Django integration of the `sentry-sdk` will detect the custom cookie names based on your Django settings and will remove the values from the payload _before_ sending the data to Sentry.\n\n### Workarounds\n\nIf you can not update your `sentry-sdk` to a patched version than you can use the SDKs filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events this can be done with the [before_send](https://docs.sentry.io/platforms/python/configuration/filtering/#using-platformidentifier-namebefore-send-) callback method and for performance related events (transactions) you can use the [before_send_transaction](https://docs.sentry.io/platforms/python/configuration/filtering/#using-platformidentifier-namebefore-send-transaction-) callback method.\n\nIf you\u0027d like to handle filtering of these values on the server-side, you can also use our [advanced data scrubbing feature](https://docs.sentry.io/product/data-management-settings/scrubbing/advanced-datascrubbing/) to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with your scrubbing rule.\n\n### References\n- [Using Your Tools Against You (Chapter8 Blog Post)](https://medium.com/@tomwolters/using-your-tools-against-you-cea4d2482ebb)\n- [Sentry Python SDK Filtering](https://docs.sentry.io/platforms/python/configuration/filtering/)\n- [Sentry Data Scrubbing](https://docs.sentry.io/product/data-management-settings/scrubbing/advanced-datascrubbing/)\n\n### Credits\n- [Tom Wolters (Chapter8)](https://chapter8.com)\n",
"id": "GHSA-29pr-6jr8-q5jm",
"modified": "2023-03-22T21:49:38Z",
"published": "2023-03-21T22:31:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28117"
},
{
"type": "WEB",
"url": "https://github.com/getsentry/sentry-python/pull/1842"
},
{
"type": "PACKAGE",
"url": "https://github.com/getsentry/sentry-python"
},
{
"type": "WEB",
"url": "https://github.com/getsentry/sentry-python/releases/tag/1.14.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`"
}
GHSA-29V9-FRVH-C426
Vulnerability from github – Published: 2026-04-22 19:57 – Updated: 2026-05-08 20:42Impact
A server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream responses reflected back in the API error message.
The URL validator on POST /api/lunch_flow/link only checked the URL scheme and rejected query parameters; it did not
filter loopback, RFC1918, link-local, or cloud-provider metadata addresses. The outbound HTTP client read the response
body via an unbounded io.ReadAll, and the controller intentionally surfaced the resulting error (which contained the
upstream body) as the JSON error field of the API response.
Who is affected: self-hosted monetr deployments running the default configuration. Out of the box,
LunchFlow.Enabled=true, AllowSignUp=true, and billing is not enforced, so any user who can register on the instance
can reach the vulnerable endpoint. Deployments running in a cloud environment where instance metadata is reachable from
the pod (e.g. AWS EC2 without IMDSv2 enforced) expand the impact to include potential exposure of instance metadata
through the reflected error body.
Who is NOT affected: the hosted my.monetr.app service, which runs with LunchFlow.Enabled=false. Self-hosted
operators who had already disabled public sign-up (MONETR_ALLOW_SIGN_UP=false) substantially reduce their exposure
since only operator-trusted users can reach the endpoint.
A secondary denial-of-service vector also existed: because the outbound response body was read with no size cap, an attacker-influenced upstream could return a multi-GB body that monetr would fully buffer into memory.
Patches
Fixed in monetr v1.12.5. Users should upgrade to this release or later.
The fix introduces a new config field LunchFlow.AllowedApiUrls (a list of permitted Lunch Flow API URLs) with a
default of ["https://lunchflow.app/api/v1"]. URLs outside the allowlist are rejected both at link-creation time and at
client-construction time, with a server-side warning log on rejection. Response body reads are capped at 10 MiB for both
success and error paths. The UI renders the API URL field as a disabled pre-filled input when a single URL is allowed,
or a dropdown when multiple are allowed, so operators who need to use a staging or self-hosted Lunch Flow API opt in
explicitly via config.
Upgrade note for self-hosters with a custom Lunch Flow URL: if your existing LunchFlowLink records point at a URL
other than https://lunchflow.app/api/v1, set your lunchFlow.allowedApiUrls in your yaml config to include your
custom URL before upgrading. Otherwise existing links will fail on next refresh or sync with a "Rejected Lunch Flow API
URL that is not in the configured allowlist" warning in the server log.
Workarounds
For operators who cannot upgrade immediately, any of the following materially reduces or eliminates exposure:
- Disable public sign-up: set
MONETR_ALLOW_SIGN_UP=falseso only operator-trusted users can reach the vulnerable endpoint. Recommended in general for internet-exposed self-hosted deployments. - Disable Lunch Flow entirely: set
lunchFlow.enabled: falsein your config file. The endpoints will return 404 for all callers. - Network-level egress restriction: restrict outbound HTTP egress from the monetr pod/container to only
lunchflow.app(or whichever legitimate Lunch Flow hosts you use). Blocks the SSRF primitive regardless of application-layer validation. - On AWS EC2 specifically: enforce IMDSv2 on the instance. This eliminates the cloud-metadata exfil path even if the SSRF primitive remains reachable.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/monetr/monetr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41644"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-770",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T19:57:54Z",
"nvd_published_at": "2026-05-07T12:16:17Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA server-side request forgery (SSRF) vulnerability in monetr\u0027s Lunch Flow integration allowed any authenticated user on\na self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller,\nwith the response body from non-200 upstream responses reflected back in the API error message.\n\nThe URL validator on `POST /api/lunch_flow/link` only checked the URL scheme and rejected query parameters; it did not\nfilter loopback, RFC1918, link-local, or cloud-provider metadata addresses. The outbound HTTP client read the response\nbody via an unbounded `io.ReadAll`, and the controller intentionally surfaced the resulting error (which contained the\nupstream body) as the JSON `error` field of the API response.\n\n**Who is affected:** self-hosted monetr deployments running the default configuration. Out of the box,\n`LunchFlow.Enabled=true`, `AllowSignUp=true`, and billing is not enforced, so any user who can register on the instance\ncan reach the vulnerable endpoint. Deployments running in a cloud environment where instance metadata is reachable from\nthe pod (e.g. AWS EC2 without IMDSv2 enforced) expand the impact to include potential exposure of instance metadata\nthrough the reflected error body.\n\n**Who is NOT affected:** the hosted `my.monetr.app` service, which runs with `LunchFlow.Enabled=false`. Self-hosted\noperators who had already disabled public sign-up (`MONETR_ALLOW_SIGN_UP=false`) substantially reduce their exposure\nsince only operator-trusted users can reach the endpoint.\n\nA secondary denial-of-service vector also existed: because the outbound response body was read with no size cap, an\nattacker-influenced upstream could return a multi-GB body that monetr would fully buffer into memory.\n\n### Patches\n\nFixed in monetr `v1.12.5`. Users should upgrade to this release or later.\n\nThe fix introduces a new config field `LunchFlow.AllowedApiUrls` (a list of permitted Lunch Flow API URLs) with a\ndefault of `[\"https://lunchflow.app/api/v1\"]`. URLs outside the allowlist are rejected both at link-creation time and at\nclient-construction time, with a server-side warning log on rejection. Response body reads are capped at 10 MiB for both\nsuccess and error paths. The UI renders the API URL field as a disabled pre-filled input when a single URL is allowed,\nor a dropdown when multiple are allowed, so operators who need to use a staging or self-hosted Lunch Flow API opt in\nexplicitly via config.\n\n**Upgrade note for self-hosters with a custom Lunch Flow URL:** if your existing `LunchFlowLink` records point at a URL\nother than `https://lunchflow.app/api/v1`, set your `lunchFlow.allowedApiUrls` in your yaml config to include your\ncustom URL before upgrading. Otherwise existing links will fail on next refresh or sync with a `\"Rejected Lunch Flow API\nURL that is not in the configured allowlist\"` warning in the server log.\n\n### Workarounds\n\nFor operators who cannot upgrade immediately, any of the following materially reduces or eliminates exposure:\n\n- **Disable public sign-up:** set `MONETR_ALLOW_SIGN_UP=false` so only operator-trusted users can reach the vulnerable\nendpoint. Recommended in general for internet-exposed self-hosted deployments.\n- **Disable Lunch Flow entirely:** set `lunchFlow.enabled: false` in your config file. The endpoints will return 404 for\nall callers.\n- **Network-level egress restriction:** restrict outbound HTTP egress from the monetr pod/container to only\n`lunchflow.app` (or whichever legitimate Lunch Flow hosts you use). Blocks the SSRF primitive regardless of\napplication-layer validation.\n- **On AWS EC2 specifically:** enforce IMDSv2 on the instance. This eliminates the cloud-metadata exfil path even if the\nSSRF primitive remains reachable.",
"id": "GHSA-29v9-frvh-c426",
"modified": "2026-05-08T20:42:34Z",
"published": "2026-04-22T19:57:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/monetr/monetr/security/advisories/GHSA-29v9-frvh-c426"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41644"
},
{
"type": "WEB",
"url": "https://github.com/monetr/monetr/pull/3122"
},
{
"type": "WEB",
"url": "https://github.com/monetr/monetr/commit/c260caa3c573a4a396ec2d264c7641a5d958385b"
},
{
"type": "PACKAGE",
"url": "https://github.com/monetr/monetr"
},
{
"type": "WEB",
"url": "https://github.com/monetr/monetr/releases/tag/v1.12.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "monetr: Server-side request forgery in Lunch Flow link creation and refresh"
}
GHSA-2C44-V444-62H2
Vulnerability from github – Published: 2023-08-28 15:30 – Updated: 2024-04-04 07:14User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
{
"affected": [],
"aliases": [
"CVE-2023-40765"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-28T13:15:10Z",
"severity": "CRITICAL"
},
"details": "User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.",
"id": "GHSA-2c44-v444-62h2",
"modified": "2024-04-04T07:14:34Z",
"published": "2023-08-28T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40765"
},
{
"type": "WEB",
"url": "https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"
},
{
"type": "WEB",
"url": "https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"
},
{
"type": "WEB",
"url": "https://www.phpjabbers.com/event-booking-calendar"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2CWP-85P5-6FWC
Vulnerability from github – Published: 2025-01-25 15:30 – Updated: 2025-01-25 15:30IBM Control Center 6.2.1 and 6.3.1
could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
{
"affected": [],
"aliases": [
"CVE-2024-35112"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-80"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-25T14:15:28Z",
"severity": "MODERATE"
},
"details": "IBM Control Center 6.2.1 and 6.3.1 \n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.",
"id": "GHSA-2cwp-85p5-6fwc",
"modified": "2025-01-25T15:30:31Z",
"published": "2025-01-25T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35112"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7174794"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2CX9-54HP-R698
Vulnerability from github – Published: 2024-12-09 15:31 – Updated: 2025-02-11 19:01Generation of Error Message Containing analytics metadata Information in Apache Superset.
This issue affects Apache Superset: before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-superset"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-53948"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-09T20:45:00Z",
"nvd_published_at": "2024-12-09T14:15:12Z",
"severity": "MODERATE"
},
"details": "Generation of Error Message Containing analytics metadata Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.",
"id": "GHSA-2cx9-54hp-r698",
"modified": "2025-02-11T19:01:21Z",
"published": "2024-12-09T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53948"
},
{
"type": "WEB",
"url": "https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/superset"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/12/09/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Superset: Error verbosity exposes metadata in analytics databases"
}
GHSA-2G55-8GCV-FC24
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2025-53803"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:50Z",
"severity": "MODERATE"
},
"details": "Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.",
"id": "GHSA-2g55-8gcv-fc24",
"modified": "2025-09-09T18:31:19Z",
"published": "2025-09-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53803"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53803"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2J7R-VR72-M9VF
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2024-04-04 03:05An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
{
"affected": [],
"aliases": [
"CVE-2021-22193"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T17:15:00Z",
"severity": "LOW"
},
"details": "An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.",
"id": "GHSA-2j7r-vr72-m9vf",
"modified": "2024-04-04T03:05:26Z",
"published": "2022-05-24T17:45:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22193"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/605608"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22193.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/12560"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
Mitigation
Handle exceptions internally and do not display errors containing potentially sensitive information to a user.
Mitigation MIT-33
Strategy: Attack Surface Reduction
Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
Mitigation MIT-40
Strategy: Compilation or Build Hardening
Debugging information should not make its way into a production release.
Mitigation MIT-40
Strategy: Environment Hardening
Debugging information should not make its way into a production release.
Mitigation
Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function.
Mitigation
Create default error pages or messages that do not leak any information.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-54: Query System for Information
An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.
CAPEC-7: Blind SQL Injection
Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.