Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

631 vulnerabilities reference this CWE, most recent first.

GHSA-9P5P-2QC4-589G

Vulnerability from github – Published: 2022-05-17 02:52 – Updated: 2022-05-17 02:52
VLAI
Details

Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5239"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-27T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.",
  "id": "GHSA-9p5p-2qc4-589g",
  "modified": "2022-05-17T02:52:28Z",
  "published": "2022-05-17T02:52:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5239"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9PM7-VPRJ-C6WM

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2025-11-04 21:30
VLAI
Details

NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-21T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.",
  "id": "GHSA-9pm7-vprj-c6wm",
  "modified": "2025-11-04T21:30:24Z",
  "published": "2022-05-24T17:26:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10125"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/815655"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/815655"
    },
    {
      "type": "WEB",
      "url": "https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9RVC-XV25-JJH5

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2023-08-08 15:31
VLAI
Details

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37540"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-06T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.",
  "id": "GHSA-9rvc-xv25-jjh5",
  "modified": "2023-08-08T15:31:19Z",
  "published": "2022-05-24T19:10:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37540"
    },
    {
      "type": "WEB",
      "url": "https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9V96-J7X8-6WJV

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2025-10-22 00:31
VLAI
Details

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11317"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-23T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.",
  "id": "GHSA-9v96-j7x8-6wjv",
  "modified": "2025-10-22T00:31:24Z",
  "published": "2022-05-13T01:14:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11317"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43874"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html"
    },
    {
      "type": "WEB",
      "url": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9W5C-29MX-552C

Vulnerability from github – Published: 2024-04-03 03:30 – Updated: 2024-09-06 21:32
VLAI
Details

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T03:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.",
  "id": "GHSA-9w5c-29mx-552c",
  "modified": "2024-09-06T21:32:26Z",
  "published": "2024-04-03T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28755"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hey3e"
    },
    {
      "type": "WEB",
      "url": "https://hey3e.github.io"
    },
    {
      "type": "WEB",
      "url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9W5V-RMGQ-P82G

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24
VLAI
Details

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10919"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.",
  "id": "GHSA-9w5v-rmgq-p82g",
  "modified": "2022-05-24T17:24:12Z",
  "published": "2022-05-24T17:24:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10919"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-806"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C25X-Q5GV-WWM3

Vulnerability from github – Published: 2022-12-08 18:30 – Updated: 2022-12-12 18:30
VLAI
Details

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-08T18:15:00Z",
    "severity": "LOW"
  },
  "details": "In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.",
  "id": "GHSA-c25x-q5gv-wwm3",
  "modified": "2022-12-12T18:30:29Z",
  "published": "2022-12-08T18:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46825"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C32J-VQHX-RX3X

Vulnerability from github – Published: 2026-05-18 17:24 – Updated: 2026-06-02 22:12
VLAI
Summary
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
Details

JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token. OpenSSL::HMAC.digest('SHA256', '', payload) returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm.

JWT.decode(token, "", true, algorithm: 'HS256')
  -> JWA::Hmac.verify(verification_key: "", ...)
  -> OpenSSL::HMAC.digest('SHA256', "", signing_input) == signature

The same path is reached when a keyfinder block or key_finder: argument returns "", nil, or an array containing nil for an unknown key. JWT::Decode#find_key only rejects literal nil and empty arrays, and JWT::JWA::Hmac silently coerces nil to "" (signing_key ||= '') before signing.

JWT.decode(token, nil, true, algorithms: ['HS256']) { |_h| "" }
  -> find_key returns ""               # "" && !Array("").empty? == true
  -> JWA::Hmac.verify(verification_key: "", ...)
  -> verifies

Common application patterns that produce the unsafe value: redis.get("kid:#{kid}").to_s, ORM string columns with default: '', ENV['SECRET'] || '', Hash.new('') lookups, [primary, fallback] where fallback may be nil. Applications passing a non-empty static key:, or whose keyfinder returns nil / raises on miss, are not affected.

The existing enforce_hmac_key_length option would block this but defaults to false. On OpenSSL ≥ 3.5 the empty-key HMAC.digest call no longer raises, so the OpenSSL-3.0 rescue in JWA::Hmac#sign does not fire.

Affects HS256/HS384/HS512 via both JWT.decode (positional key and block keyfinder) and JWT::EncodedToken#verify_signature!(key_finder:)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "jwt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "jwt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1391",
      "CWE-287",
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-18T17:24:55Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "`JWT.decode(token, \u0027\u0027, true, algorithm: \u0027HS256\u0027)` accepts an attacker-forged token.\n`OpenSSL::HMAC.digest(\u0027SHA256\u0027, \u0027\u0027, payload)` returns a valid digest under an empty key, and no `raise\n  InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm.\n\n```\nJWT.decode(token, \"\", true, algorithm: \u0027HS256\u0027)\n  -\u003e JWA::Hmac.verify(verification_key: \"\", ...)\n  -\u003e OpenSSL::HMAC.digest(\u0027SHA256\u0027, \"\", signing_input) == signature\n```\n\nThe same path is reached when a keyfinder block or key_finder: argument returns \"\", nil, or an\narray containing nil for an unknown key. JWT::Decode#find_key only rejects literal nil and empty\narrays, and JWT::JWA::Hmac silently coerces nil to \"\" (signing_key ||= \u0027\u0027) before signing.\n\n```\nJWT.decode(token, nil, true, algorithms: [\u0027HS256\u0027]) { |_h| \"\" }\n  -\u003e find_key returns \"\"               # \"\" \u0026\u0026 !Array(\"\").empty? == true\n  -\u003e JWA::Hmac.verify(verification_key: \"\", ...)\n  -\u003e verifies\n```\nCommon application patterns that produce the unsafe value: `redis.get(\"kid:#{kid}\").to_s`, ORM string columns with `default: \u0027\u0027`, `ENV[\u0027SECRET\u0027] || \u0027\u0027, Hash.new(\u0027\u0027)` lookups, [primary, fallback] where fallback may be nil. Applications passing a non-empty static key:, or whose keyfinder returns nil / raises on miss, are not affected.\n\nThe existing `enforce_hmac_key_length` option would block this but defaults to false. On OpenSSL \u2265 3.5 the empty-key HMAC.digest call no longer raises, so the OpenSSL-3.0 rescue in JWA::Hmac#sign does not fire.\n\nAffects HS256/HS384/HS512 via both JWT.decode (positional key and block keyfinder) and\n`JWT::EncodedToken#verify_signature!(key_finder:)`",
  "id": "GHSA-c32j-vqhx-rx3x",
  "modified": "2026-06-02T22:12:50Z",
  "published": "2026-05-18T17:24:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jwt/ruby-jwt/issues/724"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jwt/ruby-jwt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jwt/ruby-jwt/releases/tag/v2.10.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jwt/ruby-jwt/releases/tag/v3.2.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jwt/CVE-2026-45363.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45363"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351"
}

GHSA-C3XQ-CJ8F-7829

Vulnerability from github – Published: 2021-10-12 16:31 – Updated: 2024-10-25 21:26
VLAI
Summary
Inadequate Encryption Strength in python-keystoneclient
Details

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.2.5"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "python-keystoneclient"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2.3"
            },
            {
              "fixed": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-2166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-08T23:03:40Z",
    "nvd_published_at": "2019-12-10T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass.",
  "id": "GHSA-c3xq-cj8f-7829",
  "modified": "2024-10-25T21:26:23Z",
  "published": "2021-10-12T16:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2166"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/python-keystoneclient/commit/eeefb784f24c37d5f56a421e1ccc911cace9385e"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2013-2166"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-c3xq-cj8f-7829"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/python-keystoneclient"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2019-197.yaml"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-2166"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Inadequate Encryption Strength in python-keystoneclient"
}

GHSA-C4FR-GX5W-8QF2

Vulnerability from github – Published: 2022-05-17 04:44 – Updated: 2025-03-13 19:18
VLAI
Summary
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
Details

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:subversion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-6372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-13T19:18:24Z",
    "nvd_published_at": "2014-05-08T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.",
  "id": "GHSA-c4fr-gx5w-8qf2",
  "modified": "2025-03-13T19:18:24Z",
  "published": "2022-05-17T04:44:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6372"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2014:1630"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-6372"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1032391"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/subversion-plugin"
    },
    {
      "type": "WEB",
      "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Jenkins Subversion Plugin Stores Credentials with Base64 Encoding"
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.