Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-QRGP-9JWV-233W

Vulnerability from github – Published: 2023-02-15 12:30 – Updated: 2023-02-24 21:30
VLAI
Details

A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-15T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
  "id": "GHSA-qrgp-9jwv-233w",
  "modified": "2023-02-24T21:30:19Z",
  "published": "2023-02-15T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45154"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVPJ-W7XJ-R6W9

Vulnerability from github – Published: 2024-06-02 22:30 – Updated: 2024-06-02 22:30
VLAI
Summary
Password confirmation stored in plain text via registration form in statamic/cms
Details

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file.

Impact

This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one calendar week) - Using the user:register_form tag. - Using file-based user accounts. (Does not affect users stored in a database.) - Has users that have registered during that time period. (Existing users are not affected.)

The password is only visible to users that have access to read user yaml files, typically developers of the application itself.

Patches

The issue has been patched in 5.6.2, however any users registered during that time period and using the affected version range will still have the the password_confirmation value in their yaml files.

We recommend that affected users have their password reset. The following query can be entered into php artisan tinker and will output a list of affected emails:

Statamic\Facades\User::query()->whereNotNull('password_confirmation')->get()->map->email

The following can be entered into tinker and will clear both password_confirmation as well as their existing password. They will be required to reset their password before their next login attempt.

Statamic\Facades\User::query()
  ->whereNotNull('password_confirmation')->get()
  ->each(fn ($user) => $user->remove('password_confirmation')->passwordHash(null)->save());

References

If you are committing user files to a public git repo, you may consider clearing the sensitive data from the git history. You can use the following links for details. - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository - https://dev.to/balogh08/cleaning-your-git-history-safely-removing-sensitive-data-10i5

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "statamic/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.3.0"
            },
            {
              "fixed": "5.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-02T22:30:45Z",
    "nvd_published_at": "2024-05-30T21:15:09Z",
    "severity": "LOW"
  },
  "details": "Users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file.\n\n### Impact\nThis only affects sites matching **all** of the following conditions:\n- Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one calendar week)\n- Using the `user:register_form` tag.\n- Using file-based user accounts. (Does not affect users stored in a database.)\n- Has users that have registered during that time period. (Existing users are not affected.)\n\nThe password is only visible to users that have access to read user yaml files, typically developers of the application itself.\n\n### Patches\nThe issue has been patched in 5.6.2, however any users registered during that time period and using the affected version range will still have the the `password_confirmation` value in their yaml files.\n\nWe recommend that affected users have their password reset. The following query can be entered into `php artisan tinker` and will output a list of affected emails:\n\n```php\nStatamic\\Facades\\User::query()-\u003ewhereNotNull(\u0027password_confirmation\u0027)-\u003eget()-\u003emap-\u003eemail\n```\n\nThe following can be entered into `tinker` and will clear both password_confirmation as well as their existing password. They will be required to reset their password before their next login attempt.\n\n```php\nStatamic\\Facades\\User::query()\n  -\u003ewhereNotNull(\u0027password_confirmation\u0027)-\u003eget()\n  -\u003eeach(fn ($user) =\u003e $user-\u003eremove(\u0027password_confirmation\u0027)-\u003epasswordHash(null)-\u003esave());\n```\n\n### References\nIf you are committing user files to a public git repo, you may consider clearing the sensitive data from the git history. You can use the following links for details.\n- https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository\n- https://dev.to/balogh08/cleaning-your-git-history-safely-removing-sensitive-data-10i5",
  "id": "GHSA-qvpj-w7xj-r6w9",
  "modified": "2024-06-02T22:30:45Z",
  "published": "2024-06-02T22:30:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/statamic/cms/security/advisories/GHSA-qvpj-w7xj-r6w9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/statamic/cms/commit/0b804306c96c99b81755d5bd02df87ddf392853e"
    },
    {
      "type": "WEB",
      "url": "https://dev.to/balogh08/cleaning-your-git-history-safely-removing-sensitive-data-10i5"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/statamic/cms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Password confirmation stored in plain text via registration form in statamic/cms"
}

GHSA-QVX5-9C8X-GMXG

Vulnerability from github – Published: 2026-02-04 00:30 – Updated: 2026-02-04 00:30
VLAI
Details

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-33081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T23:16:05Z",
    "severity": "MODERATE"
  },
  "details": "IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.",
  "id": "GHSA-qvx5-9c8x-gmxg",
  "modified": "2026-02-04T00:30:29Z",
  "published": "2026-02-04T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33081"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7257565"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVX9-7C6J-G2HG

Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2024-02-10 03:30
VLAI
Details

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-1800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "phpRank 1.8 stores the administrative password in plaintext on the server and in the \"ap\" cookie, which allows remote attackers to retrieve the administrative password.",
  "id": "GHSA-qvx9-7c6j-g2hg",
  "modified": "2024-02-10T03:30:17Z",
  "published": "2022-04-30T18:21:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1800"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/10352.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/5947"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QW3M-JFHW-49PG

Vulnerability from github – Published: 2023-08-31 00:30 – Updated: 2025-02-13 18:31
VLAI
Details

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-31T00:15:07Z",
    "severity": "HIGH"
  },
  "details": "The \nfirmwaredownload command on Brocade Fabric OS v9.2.0 could log the \nFTP/SFTP/SCP server password in clear text in the SupportSave file when \nperforming a downgrade from Fabric OS v9.2.0 to any earlier version of \nFabric OS.",
  "id": "GHSA-qw3m-jfhw-49pg",
  "modified": "2025-02-13T18:31:51Z",
  "published": "2023-08-31T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3489"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231124-0003"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWVJ-HF35-5G52

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08
VLAI
Details

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-15T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299",
  "id": "GHSA-qwvj-hf35-5g52",
  "modified": "2022-05-24T19:08:09Z",
  "published": "2022-05-24T19:08:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20510"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6471895"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QX3W-4864-94CH

Vulnerability from github – Published: 2021-03-23 01:53 – Updated: 2021-03-29 17:59
VLAI
Summary
Cleartext storage of session identifier
Details

Problem

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.

Solution

Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.

Credits

Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue.

References

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.2.56"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.2.57"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.6.50"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.6.51"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 8.7.39"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.7.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.5.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-23T01:41:13Z",
    "nvd_published_at": "2021-03-23T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "\n### Problem\nUser session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.\n\n### Solution\nUpdate to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described.\n\n### Credits\nThanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core \u0026 security team members Benni Mack \u0026 Oliver Hader who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)",
  "id": "GHSA-qx3w-4864-94ch",
  "modified": "2021-03-29T17:59:09Z",
  "published": "2021-03-23T01:53:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21339"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml"
    },
    {
      "type": "WEB",
      "url": "https://packagist.org/packages/typo3/cms-core"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cleartext storage of session identifier"
}

GHSA-QXV9-H435-QXG6

Vulnerability from github – Published: 2026-03-03 03:32 – Updated: 2026-03-03 03:32
VLAI
Details

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration.

This issue affects Command Centre Mobile Client versions prior to 9.40.123.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T03:15:54Z",
    "severity": "MODERATE"
  },
  "details": "Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator\u0027s mobile device to extract the session token and exploit access for a limited duration. \n\n \n\nThis issue affects Command Centre Mobile Client versions prior to 9.40.123.",
  "id": "GHSA-qxv9-h435-qxg6",
  "modified": "2026-03-03T03:32:41Z",
  "published": "2026-03-03T03:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47147"
    },
    {
      "type": "WEB",
      "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2FF-GW5R-6X3Q

Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-10-21 19:01
VLAI
Details

A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-19T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.",
  "id": "GHSA-r2ff-gw5r-6x3q",
  "modified": "2022-10-21T19:01:15Z",
  "published": "2022-10-19T19:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2805"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2805"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079545"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2H4-4C8X-933J

Vulnerability from github – Published: 2025-06-27 03:30 – Updated: 2025-10-24 18:30
VLAI
Details

Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T02:15:23Z",
    "severity": "LOW"
  },
  "details": "Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.",
  "id": "GHSA-r2h4-4c8x-933j",
  "modified": "2025-10-24T18:30:57Z",
  "published": "2025-06-27T03:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47820"
    },
    {
      "type": "WEB",
      "url": "https://gainsec.com/2025/06/19/bird-hunting-season-security-research-on-flock-safety-anti-crime-systems"
    },
    {
      "type": "WEB",
      "url": "https://gainsec.com/2025/06/19/plucked-and-rooted-device-1-debug-shell-on-flock-safetys-raven-gunshot-detection-system"
    },
    {
      "type": "WEB",
      "url": "https://gainsec.com/wp-content/uploads/2025/06/flock-safety-researcher-summary.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.flocksafety.com/articles/gunshot-detection-and-license-plate-reader-security-alert"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.