CWE-209
AllowedGeneration of Error Message Containing Sensitive Information
Abstraction: Base · Status: Draft
The product generates an error message that includes sensitive information about its environment, users, or associated data.
833 vulnerabilities reference this CWE, most recent first.
GHSA-5733-M8XV-F92M
Vulnerability from github – Published: 2022-04-05 00:00 – Updated: 2022-04-12 00:00Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.
{
"affected": [],
"aliases": [
"CVE-2022-1120"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-04T20:15:00Z",
"severity": "MODERATE"
},
"details": "Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.",
"id": "GHSA-5733-m8xv-f92m",
"modified": "2022-04-12T00:00:52Z",
"published": "2022-04-05T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1120"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1408731"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1120.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/343466"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5782-28W3-V3Q8
Vulnerability from github – Published: 2025-02-18 06:35 – Updated: 2026-04-08 18:33The WooODT Lite – Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error message. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
{
"affected": [],
"aliases": [
"CVE-2024-13540"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T05:15:13Z",
"severity": "MODERATE"
},
"details": "The WooODT Lite \u2013 Delivery \u0026 pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error message. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.",
"id": "GHSA-5782-28w3-v3q8",
"modified": "2026-04-08T18:33:48Z",
"published": "2025-02-18T06:35:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13540"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/byconsole-woo-order-delivery-time/trunk/inc/bycwooodt_get_all_orders.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3248763%40byconsole-woo-order-delivery-time\u0026new=3248763%40byconsole-woo-order-delivery-time\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4158f6ff-8e0f-4531-8c94-f59220d6fea6?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-585V-HCGF-JHFR
Vulnerability from github – Published: 2026-05-07 02:09 – Updated: 2026-06-08 23:46Summary
The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details.
Affected Package
- Ecosystem: Go
- Package:
github.com/free5gc/udm - Affected versions:
<= v1.4.2 - Patched versions: none yet
Details
The following handlers in internal/sbi/api_subscriberdatamanagement.go do not call validator.IsValidSupi() before passing the supi parameter to the processor:
HandleGetSmfSelectData—GET /:supi/smf-select-dataHandleGetSupi—GET /:supiHandleGetTraceData—GET /:supi/trace-dataHandleGetUeContextInSmfData—GET /:supi/ue-context-in-smf-dataHandleGetNssai—GET /:supi/nssaiHandleGetSmData—GET /:supi/sm-data
By contrast, HandleGetAmData in the same file correctly validates the supi parameter:
// HandleGetAmData — correctly validates (not vulnerable)
supi := c.Params.ByName("supi")
if !validator.IsValidSupi(supi) {
c.JSON(http.StatusBadRequest, problemDetail)
return
}
// HandleGetSmfSelectData — missing validation (vulnerable)
supi := c.Params.ByName("supi")
// ← no validator.IsValidSupi(supi) call
s.Processor().GetSmfSelectDataProcedure(c, supi, plmnID, supportedFeatures)
The malformed supi is passed to the processor which constructs a URL to forward the request to UDR. Go's net/url parser rejects the URL containing control characters and returns an error. UDM catches this error and responds with a 500 SYSTEM_FAILURE that includes the full internal UDR URL in the detail field.
This is a missed fix of CVE-2026-27642, which applied the same validator.IsValidSupi() check only to internal/sbi/api_ueauthentication.go (HandleConfirmAuth and HandleGenerateAuthData), leaving the SDM service handlers unpatched.
Proof of Concept
# Vulnerable — returns 500 with internal UDR URL exposed
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/smf-select-data"
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/nssai"
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/trace-data"
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/sm-data"
# Expected (vulnerable) response:
# HTTP 500
# {
# "title": "System failure",
# "status": 500,
# "detail": "parse \"http://udr.internal:80/nudr-dr/v2/subscription-data/imsi-22277\x00INJECTED//provisioned-data/smf-selection-subscription-data\": net/url: invalid control character in URL",
# "cause": "SYSTEM_FAILURE"
# }
# Protected endpoint (for comparison) — returns 400
curl "http://<UDM_HOST>/nudm-sdm/v2/imsi-22277%00INJECTED/am-data"
# HTTP 400
# {"title":"Malformed request syntax","status":400,"detail":"Supi is invalid","cause":"MANDATORY_IE_INCORRECT"}
Impact
An unauthenticated remote attacker can send a crafted GET request to any of the six affected endpoints to obtain:
- Internal UDR hostname and port
- Full internal API path structure (
/nudr-dr/v2/subscription-data/...) - UDR API version
- Internal service naming convention
This information can be used to facilitate further attacks against the UDR or other internal 5G core components.
Recommended Fix
Add validator.IsValidSupi() to all six affected handlers, following the pattern already used in HandleGetAmData:
supi := c.Params.ByName("supi")
if !validator.IsValidSupi(supi) {
problemDetail := models.ProblemDetails{
Title: "Malformed request syntax",
Status: http.StatusBadRequest,
Detail: "Supi is invalid",
Cause: "MANDATORY_IE_INCORRECT",
}
c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status)))
c.JSON(int(problemDetail.Status), problemDetail)
return
}
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/udm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42459"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-209"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T02:09:58Z",
"nvd_published_at": "2026-05-27T17:16:35Z",
"severity": "HIGH"
},
"details": "## Summary\n\nThe free5GC UDM component fails to validate the `supi` path parameter in six GET handlers of the `nudm-sdm` (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a `500 Internal Server Error` response that exposes internal infrastructure details.\n\n## Affected Package\n\n- **Ecosystem**: Go\n- **Package**: `github.com/free5gc/udm`\n- **Affected versions**: `\u003c= v1.4.2`\n- **Patched versions**: none yet\n\n## Details\n\nThe following handlers in `internal/sbi/api_subscriberdatamanagement.go` do not call `validator.IsValidSupi()` before passing the `supi` parameter to the processor:\n\n- `HandleGetSmfSelectData` \u2014 `GET /:supi/smf-select-data`\n- `HandleGetSupi` \u2014 `GET /:supi`\n- `HandleGetTraceData` \u2014 `GET /:supi/trace-data`\n- `HandleGetUeContextInSmfData` \u2014 `GET /:supi/ue-context-in-smf-data`\n- `HandleGetNssai` \u2014 `GET /:supi/nssai`\n- `HandleGetSmData` \u2014 `GET /:supi/sm-data`\n\nBy contrast, `HandleGetAmData` in the same file correctly validates the `supi` parameter:\n\n```go\n// HandleGetAmData \u2014 correctly validates (not vulnerable)\nsupi := c.Params.ByName(\"supi\")\nif !validator.IsValidSupi(supi) {\n c.JSON(http.StatusBadRequest, problemDetail)\n return\n}\n\n// HandleGetSmfSelectData \u2014 missing validation (vulnerable)\nsupi := c.Params.ByName(\"supi\")\n// \u2190 no validator.IsValidSupi(supi) call\ns.Processor().GetSmfSelectDataProcedure(c, supi, plmnID, supportedFeatures)\n```\n\nThe malformed `supi` is passed to the processor which constructs a URL to forward the request to UDR. Go\u0027s `net/url` parser rejects the URL containing control characters and returns an error. UDM catches this error and responds with a `500 SYSTEM_FAILURE` that includes the full internal UDR URL in the `detail` field.\n\n**This is a missed fix of CVE-2026-27642**, which applied the same `validator.IsValidSupi()` check only to `internal/sbi/api_ueauthentication.go` (`HandleConfirmAuth` and `HandleGenerateAuthData`), leaving the SDM service handlers unpatched.\n\n## Proof of Concept\n\n```bash\n# Vulnerable \u2014 returns 500 with internal UDR URL exposed\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/smf-select-data\"\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/nssai\"\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/trace-data\"\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/sm-data\"\n\n# Expected (vulnerable) response:\n# HTTP 500\n# {\n# \"title\": \"System failure\",\n# \"status\": 500,\n# \"detail\": \"parse \\\"http://udr.internal:80/nudr-dr/v2/subscription-data/imsi-22277\\x00INJECTED//provisioned-data/smf-selection-subscription-data\\\": net/url: invalid control character in URL\",\n# \"cause\": \"SYSTEM_FAILURE\"\n# }\n\n# Protected endpoint (for comparison) \u2014 returns 400\ncurl \"http://\u003cUDM_HOST\u003e/nudm-sdm/v2/imsi-22277%00INJECTED/am-data\"\n# HTTP 400\n# {\"title\":\"Malformed request syntax\",\"status\":400,\"detail\":\"Supi is invalid\",\"cause\":\"MANDATORY_IE_INCORRECT\"}\n```\n\n## Impact\n\nAn unauthenticated remote attacker can send a crafted GET request to any of the six affected endpoints to obtain:\n\n1. Internal UDR hostname and port\n2. Full internal API path structure (`/nudr-dr/v2/subscription-data/...`)\n3. UDR API version\n4. Internal service naming convention\n\nThis information can be used to facilitate further attacks against the UDR or other internal 5G core components.\n\n## Recommended Fix\n\nAdd `validator.IsValidSupi()` to all six affected handlers, following the pattern already used in `HandleGetAmData`:\n\n```go\nsupi := c.Params.ByName(\"supi\")\nif !validator.IsValidSupi(supi) {\n problemDetail := models.ProblemDetails{\n Title: \"Malformed request syntax\",\n Status: http.StatusBadRequest,\n Detail: \"Supi is invalid\",\n Cause: \"MANDATORY_IE_INCORRECT\",\n }\n c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status)))\n c.JSON(int(problemDetail.Status), problemDetail)\n return\n}\n```",
"id": "GHSA-585v-hcgf-jhfr",
"modified": "2026-06-08T23:46:57Z",
"published": "2026-05-07T02:09:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-585v-hcgf-jhfr"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-h4wg-rp7m-8xx4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42459"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/free5gc"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/udm/blob/v1.4.3/internal/sbi/api_subscriberdatamanagement.go"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information"
}
GHSA-5896-67MW-RV4J
Vulnerability from github – Published: 2022-02-22 00:00 – Updated: 2025-06-09 18:32A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
{
"affected": [],
"aliases": [
"CVE-2022-0563"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-21T19:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
"id": "GHSA-5896-67mw-rv4j",
"modified": "2025-06-09T18:32:01Z",
"published": "2022-02-22T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0563"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-08"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220331-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-58C7-PX5V-82HH
Vulnerability from github – Published: 2021-04-06 17:28 – Updated: 2024-09-16 21:29django-registration is a user-registration application for Django.
Impact
The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django.
Triggering this requires the following conditions:
- A site is using django-registration < 3.1.2
- The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled
- A server-side error (HTTP 5xx) occurs during an attempt by a user to register an account
Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).
Patches
As of version 3.1.2, django-registration properly applies Django's sensitive_post_parameters() decorator to the base user-registration view, which will cause all data from the HTTP request body to be filtered from detailed error reports in the event of a server-side crash during user account registration.
Note that as applied, this filters all HTTP request data from error reports. To selectively allow some fields but not others, see Django's own documentation (in references) and the notes below for how to apply sensitive_post_parameters() manually to a particular codebase's RegistrationView subclass(es).
Workarounds
Users who cannot upgrade quickly can apply the django.views.decorators.debug.sensitive_post_parameters() decorator to their own registration views. The decorator should be applied on the dispatch() method of the appropriate RegistrationView class, using Django's method_decorator() helper. For example:
from django.utils.decorators import method_decorator
from django.views.decorators.debug import sensitive_post_parameters
from django_registration.views import RegistrationView
class MyRegistrationView(RegistrationView):
"""
A RegistrationView subclass manually protected against sensitive information disclosure
in error reports.
"""
@method_decorator(sensitive_post_parameters())
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)
References
- Django's documentation on error reporting in production
- How Django's sensitive-data filters work
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django-registration"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21416"
],
"database_specific": {
"cwe_ids": [
"CWE-201",
"CWE-209"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-01T21:03:08Z",
"nvd_published_at": "2021-04-01T22:15:00Z",
"severity": "LOW"
},
"details": "django-registration is a user-registration application for Django. \n\n### Impact\n\nThe django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django.\n\nTriggering this requires the following conditions:\n\n* A site is using django-registration \u003c 3.1.2\n* The site has detailed error reports (such as Django\u0027s [emailed error reports to site staff/developers](https://docs.djangoproject.com/en/3.1/howto/error-reporting/#email-reports)) enabled\n* A server-side error (HTTP 5xx) occurs during an attempt by a user to register an account\n\nUnder these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user\u0027s proposed credentials (such as a password).\n\n### Patches\n\nAs of version 3.1.2, django-registration properly applies Django\u0027s `sensitive_post_parameters()` decorator to the base user-registration view, which will cause all data from the HTTP request body to be filtered from detailed error reports in the event of a server-side crash during user account registration.\n\nNote that as applied, this filters *all* HTTP request data from error reports. To selectively allow some fields but not others, see Django\u0027s own documentation (in references) and the notes below for how to apply `sensitive_post_parameters()` manually to a particular codebase\u0027s `RegistrationView` subclass(es).\n\n### Workarounds\n\nUsers who cannot upgrade quickly can apply the `django.views.decorators.debug.sensitive_post_parameters()` decorator to their own registration views. The decorator should be applied on the `dispatch()` method of the appropriate `RegistrationView` class, using Django\u0027s `method_decorator()` helper. For example:\n\n```python\nfrom django.utils.decorators import method_decorator\nfrom django.views.decorators.debug import sensitive_post_parameters\n\nfrom django_registration.views import RegistrationView\n\nclass MyRegistrationView(RegistrationView):\n \"\"\"\n A RegistrationView subclass manually protected against sensitive information disclosure\n in error reports.\n\n \"\"\"\n @method_decorator(sensitive_post_parameters())\n def dispatch(self, *args, **kwargs):\n return super().dispatch(*args, **kwargs)\n```\n\n### References\n\n* Django\u0027s documentation on [error reporting in production](https://docs.djangoproject.com/en/3.1/howto/error-reporting/)\n* [How Django\u0027s sensitive-data filters work](https://docs.djangoproject.com/en/3.1/howto/error-reporting/#filtering-error-reports)",
"id": "GHSA-58c7-px5v-82hh",
"modified": "2024-09-16T21:29:06Z",
"published": "2021-04-06T17:28:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21416"
},
{
"type": "WEB",
"url": "https://github.com/ubernostrum/django-registration/commit/2db0bb7ec35636ea46b07b146328b87b2cb13ca5"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-registration/PYSEC-2021-11.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/ubernostrum/django-registration"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Potential sensitive information disclosed in error reports"
}
GHSA-58Q6-PF3M-3MMP
Vulnerability from github – Published: 2025-03-27 12:30 – Updated: 2025-03-27 12:30In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
{
"affected": [],
"aliases": [
"CVE-2025-31141"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T12:15:15Z",
"severity": "LOW"
},
"details": "In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page",
"id": "GHSA-58q6-pf3m-3mmp",
"modified": "2025-03-27T12:30:43Z",
"published": "2025-03-27T12:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31141"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5C24-J6XR-JMQM
Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-18 00:00When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
{
"affected": [],
"aliases": [
"CVE-2022-26070"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-06T17:15:00Z",
"severity": "MODERATE"
},
"details": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.",
"id": "GHSA-5c24-j6xr-jmqm",
"modified": "2022-05-18T00:00:38Z",
"published": "2022-05-07T00:00:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26070"
},
{
"type": "WEB",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5G2X-GM3X-PM24
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
{
"affected": [],
"aliases": [
"CVE-2020-2505"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-24T02:15:00Z",
"severity": "LOW"
},
"details": "If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.",
"id": "GHSA-5g2x-gm3x-pm24",
"modified": "2022-05-24T17:37:13Z",
"published": "2022-05-24T17:37:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2505"
},
{
"type": "WEB",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5GM3-5WJ3-FJPJ
Vulnerability from github – Published: 2024-09-08 09:30 – Updated: 2024-09-08 09:30A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
{
"affected": [],
"aliases": [
"CVE-2024-8571"
],
"database_specific": {
"cwe_ids": [
"CWE-209"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-08T08:15:13Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
"id": "GHSA-5gm3-5wj3-fjpj",
"modified": "2024-09-08T09:30:27Z",
"published": "2024-09-08T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8571"
},
{
"type": "WEB",
"url": "https://github.com/erjemin/roll_cms/issues/1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.276801"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.276801"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.400796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5J8C-469M-FQ24
Vulnerability from github – Published: 2024-07-31 09:30 – Updated: 2025-02-07 18:31A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.
{
"affected": [],
"aliases": [
"CVE-2024-6980"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-31T07:15:02Z",
"severity": "CRITICAL"
},
"details": "A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.\u00a0This issue only affects GravityZone Console versions before 6.38.1-5\u00a0running only on premise.",
"id": "GHSA-5j8c-469m-fq24",
"modified": "2025-02-07T18:31:16Z",
"published": "2024-07-31T09:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6980"
},
{
"type": "WEB",
"url": "https://www.bitdefender.com/consumer/support/support/security-advisories/verbose-error-handling-issue-in-gravityzone-update-server-proxy-service"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
Mitigation
Handle exceptions internally and do not display errors containing potentially sensitive information to a user.
Mitigation MIT-33
Strategy: Attack Surface Reduction
Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
Mitigation MIT-40
Strategy: Compilation or Build Hardening
Debugging information should not make its way into a production release.
Mitigation MIT-40
Strategy: Environment Hardening
Debugging information should not make its way into a production release.
Mitigation
Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function.
Mitigation
Create default error pages or messages that do not leak any information.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-54: Query System for Information
An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.
CAPEC-7: Blind SQL Injection
Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.