Common Weakness Enumeration

CWE-209

Allowed

Generation of Error Message Containing Sensitive Information

Abstraction: Base · Status: Draft

The product generates an error message that includes sensitive information about its environment, users, or associated data.

833 vulnerabilities reference this CWE, most recent first.

GHSA-5733-M8XV-F92M

Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:00
VLAI
Details

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-04T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.",
  "id": "GHSA-5733-m8xv-f92m",
  "modified": "2022-04-12T00:00:52Z",
  "published": "2022-04-05T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1120"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1408731"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1120.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/343466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5782-28W3-V3Q8

Vulnerability from github – Published: 2025-02-18 06:35 – Updated: 2026-04-08 18:33
VLAI
Details

The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error message. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-18T05:15:13Z",
    "severity": "MODERATE"
  },
  "details": "The WooODT Lite \u2013 Delivery \u0026 pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error message. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.",
  "id": "GHSA-5782-28w3-v3q8",
  "modified": "2026-04-08T18:33:48Z",
  "published": "2025-02-18T06:35:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13540"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/byconsole-woo-order-delivery-time/trunk/inc/bycwooodt_get_all_orders.php"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3248763%40byconsole-woo-order-delivery-time\u0026new=3248763%40byconsole-woo-order-delivery-time\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4158f6ff-8e0f-4531-8c94-f59220d6fea6?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-585V-HCGF-JHFR

Vulnerability from github – Published: 2026-05-07 02:09 – Updated: 2026-06-08 23:46
VLAI
Summary
Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
Details

Summary

The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details.

Affected Package

  • Ecosystem: Go
  • Package: github.com/free5gc/udm
  • Affected versions: <= v1.4.2
  • Patched versions: none yet

Details

The following handlers in internal/sbi/api_subscriberdatamanagement.go do not call validator.IsValidSupi() before passing the supi parameter to the processor:

  • HandleGetSmfSelectDataGET /:supi/smf-select-data
  • HandleGetSupiGET /:supi
  • HandleGetTraceDataGET /:supi/trace-data
  • HandleGetUeContextInSmfDataGET /:supi/ue-context-in-smf-data
  • HandleGetNssaiGET /:supi/nssai
  • HandleGetSmDataGET /:supi/sm-data

By contrast, HandleGetAmData in the same file correctly validates the supi parameter:

// HandleGetAmData — correctly validates (not vulnerable)
supi := c.Params.ByName("supi")
if !validator.IsValidSupi(supi) {
    c.JSON(http.StatusBadRequest, problemDetail)
    return
}

// HandleGetSmfSelectData — missing validation (vulnerable)
supi := c.Params.ByName("supi")
// ← no validator.IsValidSupi(supi) call
s.Processor().GetSmfSelectDataProcedure(c, supi, plmnID, supportedFeatures)

The malformed supi is passed to the processor which constructs a URL to forward the request to UDR. Go's net/url parser rejects the URL containing control characters and returns an error. UDM catches this error and responds with a 500 SYSTEM_FAILURE that includes the full internal UDR URL in the detail field.

This is a missed fix of CVE-2026-27642, which applied the same validator.IsValidSupi() check only to internal/sbi/api_ueauthentication.go (HandleConfirmAuth and HandleGenerateAuthData), leaving the SDM service handlers unpatched.

Proof of Concept

# Vulnerable — returns 500 with internal UDR URL exposed
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/smf-select-data"
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/nssai"
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/trace-data"
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/sm-data"

# Expected (vulnerable) response:
# HTTP 500
# {
#   "title": "System failure",
#   "status": 500,
#   "detail": "parse \"http://udr.internal:80/nudr-dr/v2/subscription-data/imsi-22277\x00INJECTED//provisioned-data/smf-selection-subscription-data\": net/url: invalid control character in URL",
#   "cause": "SYSTEM_FAILURE"
# }

# Protected endpoint (for comparison) — returns 400
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/am-data"
# HTTP 400
# {"title":"Malformed request syntax","status":400,"detail":"Supi is invalid","cause":"MANDATORY_IE_INCORRECT"}

Impact

An unauthenticated remote attacker can send a crafted GET request to any of the six affected endpoints to obtain:

  1. Internal UDR hostname and port
  2. Full internal API path structure (/nudr-dr/v2/subscription-data/...)
  3. UDR API version
  4. Internal service naming convention

This information can be used to facilitate further attacks against the UDR or other internal 5G core components.

Recommended Fix

Add validator.IsValidSupi() to all six affected handlers, following the pattern already used in HandleGetAmData:

supi := c.Params.ByName("supi")
if !validator.IsValidSupi(supi) {
    problemDetail := models.ProblemDetails{
        Title:  "Malformed request syntax",
        Status: http.StatusBadRequest,
        Detail: "Supi is invalid",
        Cause:  "MANDATORY_IE_INCORRECT",
    }
    c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status)))
    c.JSON(int(problemDetail.Status), problemDetail)
    return
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/free5gc/udm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-209"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T02:09:58Z",
    "nvd_published_at": "2026-05-27T17:16:35Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe free5GC UDM component fails to validate the `supi` path parameter in six GET handlers of the `nudm-sdm` (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a `500 Internal Server Error` response that exposes internal infrastructure details.\n\n## Affected Package\n\n- **Ecosystem**: Go\n- **Package**: `github.com/free5gc/udm`\n- **Affected versions**: `\u003c= v1.4.2`\n- **Patched versions**: none yet\n\n## Details\n\nThe following handlers in `internal/sbi/api_subscriberdatamanagement.go` do not call `validator.IsValidSupi()` before passing the `supi` parameter to the processor:\n\n- `HandleGetSmfSelectData` \u2014 `GET /:supi/smf-select-data`\n- `HandleGetSupi` \u2014 `GET /:supi`\n- `HandleGetTraceData` \u2014 `GET /:supi/trace-data`\n- `HandleGetUeContextInSmfData` \u2014 `GET /:supi/ue-context-in-smf-data`\n- `HandleGetNssai` \u2014 `GET /:supi/nssai`\n- `HandleGetSmData` \u2014 `GET /:supi/sm-data`\n\nBy contrast, `HandleGetAmData` in the same file correctly validates the `supi` parameter:\n\n```go\n// HandleGetAmData \u2014 correctly validates (not vulnerable)\nsupi := c.Params.ByName(\"supi\")\nif !validator.IsValidSupi(supi) {\n    c.JSON(http.StatusBadRequest, problemDetail)\n    return\n}\n\n// HandleGetSmfSelectData \u2014 missing validation (vulnerable)\nsupi := c.Params.ByName(\"supi\")\n// \u2190 no validator.IsValidSupi(supi) call\ns.Processor().GetSmfSelectDataProcedure(c, supi, plmnID, supportedFeatures)\n```\n\nThe malformed `supi` is passed to the processor which constructs a URL to forward the request to UDR. Go\u0027s `net/url` parser rejects the URL containing control characters and returns an error. UDM catches this error and responds with a `500 SYSTEM_FAILURE` that includes the full internal UDR URL in the `detail` field.\n\n**This is a missed fix of CVE-2026-27642**, which applied the same `validator.IsValidSupi()` check only to `internal/sbi/api_ueauthentication.go` (`HandleConfirmAuth` and `HandleGenerateAuthData`), leaving the SDM service handlers unpatched.\n\n## Proof of Concept\n\n```bash\n# Vulnerable \u2014 returns 500 with internal UDR URL exposed\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/smf-select-data\"\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/nssai\"\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/trace-data\"\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/sm-data\"\n\n# Expected (vulnerable) response:\n# HTTP 500\n# {\n#   \"title\": \"System failure\",\n#   \"status\": 500,\n#   \"detail\": \"parse \\\"http://udr.internal:80/nudr-dr/v2/subscription-data/imsi-22277\\x00INJECTED//provisioned-data/smf-selection-subscription-data\\\": net/url: invalid control character in URL\",\n#   \"cause\": \"SYSTEM_FAILURE\"\n# }\n\n# Protected endpoint (for comparison) \u2014 returns 400\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/am-data\"\n# HTTP 400\n# {\"title\":\"Malformed request syntax\",\"status\":400,\"detail\":\"Supi is invalid\",\"cause\":\"MANDATORY_IE_INCORRECT\"}\n```\n\n## Impact\n\nAn unauthenticated remote attacker can send a crafted GET request to any of the six affected endpoints to obtain:\n\n1. Internal UDR hostname and port\n2. Full internal API path structure (`/nudr-dr/v2/subscription-data/...`)\n3. UDR API version\n4. Internal service naming convention\n\nThis information can be used to facilitate further attacks against the UDR or other internal 5G core components.\n\n## Recommended Fix\n\nAdd `validator.IsValidSupi()` to all six affected handlers, following the pattern already used in `HandleGetAmData`:\n\n```go\nsupi := c.Params.ByName(\"supi\")\nif !validator.IsValidSupi(supi) {\n    problemDetail := models.ProblemDetails{\n        Title:  \"Malformed request syntax\",\n        Status: http.StatusBadRequest,\n        Detail: \"Supi is invalid\",\n        Cause:  \"MANDATORY_IE_INCORRECT\",\n    }\n    c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status)))\n    c.JSON(int(problemDetail.Status), problemDetail)\n    return\n}\n```",
  "id": "GHSA-585v-hcgf-jhfr",
  "modified": "2026-06-08T23:46:57Z",
  "published": "2026-05-07T02:09:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-585v-hcgf-jhfr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-h4wg-rp7m-8xx4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42459"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/free5gc/free5gc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/udm/blob/v1.4.3/internal/sbi/api_subscriberdatamanagement.go"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information"
}

GHSA-5896-67MW-RV4J

Vulnerability from github – Published: 2022-02-22 00:00 – Updated: 2025-06-09 18:32
VLAI
Details

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-21T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
  "id": "GHSA-5896-67mw-rv4j",
  "modified": "2025-06-09T18:32:01Z",
  "published": "2022-02-22T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0563"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-08"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220331-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58C7-PX5V-82HH

Vulnerability from github – Published: 2021-04-06 17:28 – Updated: 2024-09-16 21:29
VLAI
Summary
Potential sensitive information disclosed in error reports
Details

django-registration is a user-registration application for Django.

Impact

The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django.

Triggering this requires the following conditions:

  • A site is using django-registration < 3.1.2
  • The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled
  • A server-side error (HTTP 5xx) occurs during an attempt by a user to register an account

Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).

Patches

As of version 3.1.2, django-registration properly applies Django's sensitive_post_parameters() decorator to the base user-registration view, which will cause all data from the HTTP request body to be filtered from detailed error reports in the event of a server-side crash during user account registration.

Note that as applied, this filters all HTTP request data from error reports. To selectively allow some fields but not others, see Django's own documentation (in references) and the notes below for how to apply sensitive_post_parameters() manually to a particular codebase's RegistrationView subclass(es).

Workarounds

Users who cannot upgrade quickly can apply the django.views.decorators.debug.sensitive_post_parameters() decorator to their own registration views. The decorator should be applied on the dispatch() method of the appropriate RegistrationView class, using Django's method_decorator() helper. For example:

from django.utils.decorators import method_decorator
from django.views.decorators.debug import sensitive_post_parameters

from django_registration.views import RegistrationView

class MyRegistrationView(RegistrationView):
    """
    A RegistrationView subclass manually protected against sensitive information disclosure
    in error reports.

    """
    @method_decorator(sensitive_post_parameters())
    def dispatch(self, *args, **kwargs):
        return super().dispatch(*args, **kwargs)

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-registration"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21416"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-201",
      "CWE-209"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-01T21:03:08Z",
    "nvd_published_at": "2021-04-01T22:15:00Z",
    "severity": "LOW"
  },
  "details": "django-registration is a user-registration application for Django. \n\n### Impact\n\nThe django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django.\n\nTriggering this requires the following conditions:\n\n* A site is using django-registration \u003c 3.1.2\n* The site has detailed error reports (such as Django\u0027s [emailed error reports to site staff/developers](https://docs.djangoproject.com/en/3.1/howto/error-reporting/#email-reports)) enabled\n* A server-side error (HTTP 5xx) occurs during an attempt by a user to register an account\n\nUnder these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user\u0027s proposed credentials (such as a password).\n\n### Patches\n\nAs of version 3.1.2, django-registration properly applies Django\u0027s `sensitive_post_parameters()` decorator to the base user-registration view, which will cause all data from the HTTP request body to be filtered from detailed error reports in the event of a server-side crash during user account registration.\n\nNote that as applied, this filters *all* HTTP request data from error reports. To selectively allow some fields but not others, see Django\u0027s own documentation (in references) and the notes below for how to apply `sensitive_post_parameters()` manually to a particular codebase\u0027s `RegistrationView` subclass(es).\n\n### Workarounds\n\nUsers who cannot upgrade quickly can apply the `django.views.decorators.debug.sensitive_post_parameters()` decorator to their own registration views. The decorator should be applied on the `dispatch()` method of the appropriate `RegistrationView` class, using Django\u0027s `method_decorator()` helper. For example:\n\n```python\nfrom django.utils.decorators import method_decorator\nfrom django.views.decorators.debug import sensitive_post_parameters\n\nfrom django_registration.views import RegistrationView\n\nclass MyRegistrationView(RegistrationView):\n    \"\"\"\n    A RegistrationView subclass manually protected against sensitive information disclosure\n    in error reports.\n\n    \"\"\"\n    @method_decorator(sensitive_post_parameters())\n    def dispatch(self, *args, **kwargs):\n        return super().dispatch(*args, **kwargs)\n```\n\n### References\n\n* Django\u0027s documentation on [error reporting in production](https://docs.djangoproject.com/en/3.1/howto/error-reporting/)\n* [How Django\u0027s sensitive-data filters work](https://docs.djangoproject.com/en/3.1/howto/error-reporting/#filtering-error-reports)",
  "id": "GHSA-58c7-px5v-82hh",
  "modified": "2024-09-16T21:29:06Z",
  "published": "2021-04-06T17:28:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21416"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ubernostrum/django-registration/commit/2db0bb7ec35636ea46b07b146328b87b2cb13ca5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-registration/PYSEC-2021-11.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ubernostrum/django-registration"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Potential sensitive information disclosed in error reports"
}

GHSA-58Q6-PF3M-3MMP

Vulnerability from github – Published: 2025-03-27 12:30 – Updated: 2025-03-27 12:30
VLAI
Details

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-31141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T12:15:15Z",
    "severity": "LOW"
  },
  "details": "In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page",
  "id": "GHSA-58q6-pf3m-3mmp",
  "modified": "2025-03-27T12:30:43Z",
  "published": "2025-03-27T12:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31141"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5C24-J6XR-JMQM

Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-18 00:00
VLAI
Details

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-06T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.",
  "id": "GHSA-5c24-j6xr-jmqm",
  "modified": "2022-05-18T00:00:38Z",
  "published": "2022-05-07T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26070"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5G2X-GM3X-PM24

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-2505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-24T02:15:00Z",
    "severity": "LOW"
  },
  "details": "If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",
  "id": "GHSA-5g2x-gm3x-pm24",
  "modified": "2022-05-24T17:37:13Z",
  "published": "2022-05-24T17:37:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2505"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5GM3-5WJ3-FJPJ

Vulnerability from github – Published: 2024-09-08 09:30 – Updated: 2024-09-08 09:30
VLAI
Details

A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-08T08:15:13Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
  "id": "GHSA-5gm3-5wj3-fjpj",
  "modified": "2024-09-08T09:30:27Z",
  "published": "2024-09-08T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8571"
    },
    {
      "type": "WEB",
      "url": "https://github.com/erjemin/roll_cms/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276801"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276801"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.400796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5J8C-469M-FQ24

Vulnerability from github – Published: 2024-07-31 09:30 – Updated: 2025-02-07 18:31
VLAI
Details

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-31T07:15:02Z",
    "severity": "CRITICAL"
  },
  "details": "A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.\u00a0This issue only affects GravityZone Console versions before 6.38.1-5\u00a0running only on premise.",
  "id": "GHSA-5j8c-469m-fq24",
  "modified": "2025-02-07T18:31:16Z",
  "published": "2024-07-31T09:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6980"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/consumer/support/support/security-advisories/verbose-error-handling-issue-in-gravityzone-update-server-proxy-service"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
Mitigation
Implementation

Handle exceptions internally and do not display errors containing potentially sensitive information to a user.

Mitigation MIT-33
Implementation

Strategy: Attack Surface Reduction

Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.

Mitigation MIT-40
Implementation Build and Compilation

Strategy: Compilation or Build Hardening

Debugging information should not make its way into a production release.

Mitigation MIT-40
Implementation Build and Compilation

Strategy: Environment Hardening

Debugging information should not make its way into a production release.

Mitigation
System Configuration

Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function.

Mitigation
System Configuration

Create default error pages or messages that do not leak any information.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-54: Query System for Information

An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.

CAPEC-7: Blind SQL Injection

Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.