Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-VWPW-RFX3-GQFW

Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2022-12-13 03:30
VLAI
Details

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-4314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-29T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.",
  "id": "GHSA-vwpw-rfx3-gqfw",
  "modified": "2022-12-13T03:30:44Z",
  "published": "2022-05-24T22:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4314"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161041"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/1096912"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX3W-MR85-R8VR

Vulnerability from github – Published: 2023-08-14 18:32 – Updated: 2024-04-04 06:55
VLAI
Details

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40354"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-14T17:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a \"maxctrl create service\" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3.",
  "id": "GHSA-vx3w-mr85-r8vr",
  "modified": "2024-04-04T06:55:08Z",
  "published": "2023-08-14T18:32:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40354"
    },
    {
      "type": "WEB",
      "url": "https://jira.mariadb.org/browse/MXS-4681"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VX6M-H78H-XXCF

Vulnerability from github – Published: 2025-07-21 12:30 – Updated: 2025-07-21 12:30
VLAI
Details

Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-21T11:15:23Z",
    "severity": "MODERATE"
  },
  "details": "Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app\u2019s filesystem.",
  "id": "GHSA-vx6m-h78h-xxcf",
  "modified": "2025-07-21T12:30:34Z",
  "published": "2025-07-21T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41458"
    },
    {
      "type": "WEB",
      "url": "https://www.cirosec.de/sa/sa-2025-005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VXJM-JCH6-9QR5

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06
VLAI
Details

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29956"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-24T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user\u0027s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird \u003c 78.10.2.",
  "id": "GHSA-vxjm-jch6-9qr5",
  "modified": "2022-05-24T19:06:08Z",
  "published": "2022-05-24T19:06:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29956"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1710290"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2021-22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VXM7-H9HR-QR3W

Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2022-05-24 17:46
VLAI
Details

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-06T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Sensitive smart card data is logged in default INFO logs by Teradici\u0027s PCoIP Connection Manager and Security Gateway prior to version 21.01.3.",
  "id": "GHSA-vxm7-h9hr-qr3w",
  "modified": "2022-05-24T17:46:37Z",
  "published": "2022-05-24T17:46:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25692"
    },
    {
      "type": "WEB",
      "url": "https://advisory.teradici.com/security-advisories/77"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W345-4XM5-Q2XP

Vulnerability from github – Published: 2024-12-04 03:31 – Updated: 2024-12-04 03:31
VLAI
Details

A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-04T02:15:04Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Veeam Backup \u0026 Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker\u0027s side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.",
  "id": "GHSA-w345-4xm5-q2xp",
  "modified": "2024-12-04T03:31:15Z",
  "published": "2024-12-04T03:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42451"
    },
    {
      "type": "WEB",
      "url": "https://www.veeam.com/kb4693"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W3FR-WWFG-6332

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-12T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.",
  "id": "GHSA-w3fr-wwfg-6332",
  "modified": "2022-05-24T19:17:16Z",
  "published": "2022-05-24T19:17:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38915"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209947"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6497499"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W3G5-QFMH-45M7

Vulnerability from github – Published: 2022-06-12 00:00 – Updated: 2022-06-18 00:00
VLAI
Details

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-20040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-11T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement.",
  "id": "GHSA-w3g5-qfmh-45m7",
  "modified": "2022-06-18T00:00:22Z",
  "published": "2022-06-12T00:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20040"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.98908"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Mar/25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W496-F5JM-W9C3

Vulnerability from github – Published: 2023-01-30 09:30 – Updated: 2025-11-04 00:30
VLAI
Details

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-30T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user\u0027s authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.",
  "id": "GHSA-w496-f5jm-w9c3",
  "modified": "2025-11-04T00:30:35Z",
  "published": "2023-01-30T09:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22332"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN72418815"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6G3-R938-VJ7F

Vulnerability from github – Published: 2024-11-04 21:30 – Updated: 2024-11-05 18:32
VLAI
Details

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-04T19:15:06Z",
    "severity": "MODERATE"
  },
  "details": "Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.",
  "id": "GHSA-w6g3-r938-vj7f",
  "modified": "2024-11-05T18:32:05Z",
  "published": "2024-11-04T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34891"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DrieVlad/BitrixVulns"
    },
    {
      "type": "WEB",
      "url": "http://bitrix24.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.