Common Weakness Enumeration

CWE-526

Allowed

Cleartext Storage of Sensitive Information in an Environment Variable

Abstraction: Variant · Status: Incomplete

The product uses an environment variable to store unencrypted sensitive information.

37 vulnerabilities reference this CWE, most recent first.

CVE-2024-2700 (GCVE-0-2024-2700)

Vulnerability from cvelistv5 – Published: 2024-04-04 13:46 – Updated: 2025-11-07 10:50
VLAI
Title
Quarkus-core: leak of local configuration properties into quarkus applications
Summary
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-526 - Cleartext Storage of Sensitive Information in an Environment Variable
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:11023 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2106 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2705 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3527 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4028 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4873 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2700 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2273281 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 3.8.4
Affected: 3.2.12
Red Hat HawtIO 4.0.0 for Red Hat build of Apache Camel 4     cpe:/a:redhat:rhboac_hawtio:4.0.0
Create a notification for this product.
Red Hat Red Hat AMQ Streams 2.7.0     cpe:/a:redhat:amq_streams:2
Create a notification for this product.
Red Hat Red Hat build of Apicurio Registry 2.6.1 GA     cpe:/a:redhat:apicurio_registry:2.6
Create a notification for this product.
Red Hat Red Hat build of Quarkus 3.2.12.Final Unaffected: 3.2.12.Final-redhat-00001 , < * (rpm)
    cpe:/a:redhat:quarkus:3.2::el8
Create a notification for this product.
Red Hat Red Hat build of Quarkus 3.8.4.redhat Unaffected: 3.8.4.redhat-00002 , < * (rpm)
    cpe:/a:redhat:openshift_application_runtimes:1.0
Create a notification for this product.
Red Hat RHOSS-1.33-RHEL-8 Unaffected: 1.12.0-4 , < * (rpm)
    cpe:/a:redhat:openshift_serverless:1.33::el8
Create a notification for this product.
Red Hat RHOSS-1.33-RHEL-8 Unaffected: 1.12.0-6 , < * (rpm)
    cpe:/a:redhat:openshift_serverless:1.33::el8
Create a notification for this product.
Red Hat RHOSS-1.33-RHEL-8 Unaffected: 1.33.0-4 , < * (rpm)
    cpe:/a:redhat:openshift_serverless:1.33::el8
Create a notification for this product.
Red Hat RHOSS-1.33-RHEL-8 Unaffected: 1.33.0-5 , < * (rpm)
    cpe:/a:redhat:openshift_serverless:1.33::el8
Create a notification for this product.
Red Hat RHOSS-1.33-RHEL-8 Unaffected: 1.33.0-6 , < * (rpm)
    cpe:/a:redhat:openshift_serverless:1.33::el8
Create a notification for this product.
Red Hat Red Hat build of Apache Camel 4 for Quarkus 3     cpe:/a:redhat:camel_quarkus:3
Create a notification for this product.
Red Hat Red Hat build of Apache Camel - HawtIO 4     cpe:/a:redhat:apache_camel_hawtio:4
Create a notification for this product.
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
Create a notification for this product.
Red Hat Red Hat build of OptaPlanner 8     cpe:/a:redhat:optaplanner:::el6
Create a notification for this product.
Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
Create a notification for this product.
Red Hat Red Hat Integration Camel K 1     cpe:/a:redhat:integration:1
Create a notification for this product.
Red Hat Red Hat Integration Camel Quarkus 2     cpe:/a:redhat:camel_quarkus:2
Create a notification for this product.
Date Public
2024-04-03 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T20:55:35.446485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:30:17.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:48.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2106",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2106"
          },
          {
            "name": "RHSA-2024:2705",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2705"
          },
          {
            "name": "RHSA-2024:3527",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3527"
          },
          {
            "name": "RHSA-2024:4028",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4028"
          },
          {
            "name": "RHSA-2024:4873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4873"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-2700"
          },
          {
            "name": "RHBZ#2273281",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/cockpit-project/cockpit/",
          "defaultStatus": "unaffected",
          "packageName": "quarkus-core",
          "versions": [
            {
              "status": "affected",
              "version": "3.8.4"
            },
            {
              "status": "affected",
              "version": "3.2.12"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhboac_hawtio:4.0.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "quarkus-core",
          "product": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:amq_streams:2"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat AMQ Streams 2.7.0",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apicurio_registry:2.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "quarkus-core",
          "product": "Red Hat build of Apicurio Registry 2.6.1 GA",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3.2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "io.quarkus/quarkus-core",
          "product": "Red Hat build of Quarkus 3.2.12.Final",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3.2.12.Final-redhat-00001",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_application_runtimes:1.0"
          ],
          "defaultStatus": "affected",
          "packageName": "io.quarkus/quarkus-core",
          "product": "Red Hat build of Quarkus 3.8.4.redhat",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3.8.4.redhat-00002",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/client-kn-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-controller-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-istio-controller-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-mtbroker-filter-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-mtchannel-broker-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-mtping-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-storage-version-migration-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/eventing-webhook-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/func-utils-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/ingress-rhel8-operator",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/knative-rhel8-operator",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/kn-cli-artifacts-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/kourier-control-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/net-istio-controller-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/net-istio-webhook-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serverless-operator-bundle",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serverless-rhel8-operator",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-activator-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-autoscaler-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-controller-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-queue-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/serving-webhook-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1/svls-must-gather-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.33.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_serverless:1.33::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8",
          "product": "RHOSS-1.33-RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.12.0-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_quarkus:3"
          ],
          "defaultStatus": "affected",
          "packageName": "quarkus-core",
          "product": "Red Hat build of Apache Camel 4 for Quarkus 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_hawtio:4"
          ],
          "defaultStatus": "affected",
          "packageName": "quarkus-core",
          "product": "Red Hat build of Apache Camel - HawtIO 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "quarkus-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:optaplanner:::el6"
          ],
          "defaultStatus": "affected",
          "packageName": "quarkus-core",
          "product": "Red Hat build of OptaPlanner 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:2"
          ],
          "defaultStatus": "affected",
          "packageName": "io.quarkus/quarkus-core",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "affected",
          "packageName": "quarkus-core",
          "product": "Red Hat Integration Camel K 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_quarkus:2"
          ],
          "defaultStatus": "affected",
          "packageName": "quarkus-core",
          "product": "Red Hat Integration Camel Quarkus 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-04-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-526",
              "description": "Cleartext Storage of Sensitive Information in an Environment Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T10:50:22.276Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:11023",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:11023"
        },
        {
          "name": "RHSA-2024:2106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2106"
        },
        {
          "name": "RHSA-2024:2705",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2705"
        },
        {
          "name": "RHSA-2024:3527",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3527"
        },
        {
          "name": "RHSA-2024:4028",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4028"
        },
        {
          "name": "RHSA-2024:4873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4873"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-2700"
        },
        {
          "name": "RHBZ#2273281",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-03T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-03T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Quarkus-core: leak of local configuration properties into quarkus applications",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available."
        }
      ],
      "x_redhatCweChain": "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-2700",
    "datePublished": "2024-04-04T13:46:39.956Z",
    "dateReserved": "2024-03-20T01:39:49.992Z",
    "dateUpdated": "2025-11-07T10:50:22.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-47615 (GCVE-0-2023-47615)

Vulnerability from cvelistv5 – Published: 2023-11-09 12:47 – Updated: 2024-09-03 19:34
VLAI
Summary
A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-526 - Exposure of Sensitive Information Through Environmental Variables
Assigner
References
Credits
Alexander Kozlov from Kaspersky Sergey Anufrienko from Kaspersky
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:09:37.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "KLCERT-22-212: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information Through Environmental Variables",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47615",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T19:33:54.319079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T19:34:27.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "BGS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS6",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS8",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS6",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS8",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "ELS61",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "ELS81",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PLS62",
          "vendor": "Telit Cinterion"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alexander Kozlov from Kaspersky"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sergey Anufrienko from Kaspersky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-526",
              "description": "CWE-526: Exposure of Sensitive Information Through Environmental Variables",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-09T17:18:49.812Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "name": "KLCERT-22-212: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information Through Environmental Variables",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-21T12:45:00.000Z",
          "value": "Issue discovered by Kaspersky ICS CERT"
        },
        {
          "lang": "en",
          "time": "2023-04-27T15:56:00.000Z",
          "value": "Confirmed by Telit Cinterion"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
        },
        {
          "lang": "en",
          "value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2023-47615",
    "datePublished": "2023-11-09T12:47:43.253Z",
    "dateReserved": "2023-11-07T10:06:48.689Z",
    "dateUpdated": "2024-09-03T19:34:27.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-43029 (GCVE-0-2023-43029)

Vulnerability from cvelistv5 – Published: 2025-03-21 15:33 – Updated: 2025-08-17 00:03
VLAI
Title
IBM Storage Virtualize vSphere Remote Plug-in information disclosure
Summary
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-526 - Cleartext Storage of Sensitive Information in an Environment Variable
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7228722 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Storage Virtualize vSphere Remote Plug-in Affected: 1.0
Affected: 1.1
    cpe:2.3:a:ibm:storage_virtualize_vsphere_remote_plugin:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize_vsphere_remote_plugin:1.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-21T20:23:54.659738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-21T20:24:14.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:storage_virtualize_vsphere_remote_plugin:1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize_vsphere_remote_plugin:1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Virtualize vSphere Remote Plug-in",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment."
            }
          ],
          "value": "IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-526",
              "description": "CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-17T00:03:33.951Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7228722"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Virtualize vSphere Remote Plug-in information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-43029",
    "datePublished": "2025-03-21T15:33:51.807Z",
    "dateReserved": "2023-09-15T01:12:09.120Z",
    "dateUpdated": "2025-08-17T00:03:33.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-35931 (GCVE-0-2023-35931)

Vulnerability from cvelistv5 – Published: 2023-06-23 19:32 – Updated: 2024-12-05 16:09
VLAI
Title
Shescape potential environment variable exposure on Windows with CMD
Summary
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-526 - Cleartext Storage of Sensitive Information in an Environment Variable
Assigner
Impacted products
Vendor Product Version
ericcornelissen shescape Affected: < 1.7.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:37:40.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r"
          },
          {
            "name": "https://github.com/ericcornelissen/shescape/pull/982",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ericcornelissen/shescape/pull/982"
          },
          {
            "name": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac"
          },
          {
            "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T16:08:36.951164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T16:09:33.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "shescape",
          "vendor": "ericcornelissen",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-526",
              "description": "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-23T19:32:53.897Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r"
        },
        {
          "name": "https://github.com/ericcornelissen/shescape/pull/982",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ericcornelissen/shescape/pull/982"
        },
        {
          "name": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac"
        },
        {
          "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1"
        }
      ],
      "source": {
        "advisory": "GHSA-3g7p-8qhx-mc8r",
        "discovery": "UNKNOWN"
      },
      "title": "Shescape potential environment variable exposure on Windows with CMD"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-35931",
    "datePublished": "2023-06-23T19:32:53.897Z",
    "dateReserved": "2023-06-20T14:02:45.593Z",
    "dateUpdated": "2024-12-05T16:09:33.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5720 (GCVE-0-2023-5720)

Vulnerability from cvelistv5 – Published: 2023-11-15 13:57 – Updated: 2024-08-02 08:07
VLAI
Title
Quarkus: build env information disclosure via gradle plugin
Summary
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
CWE
  • CWE-526 - Cleartext Storage of Sensitive Information in an Environment Variable
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2023-5720 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2245700 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
n/a gradle-plugin
Date Public
2023-11-08 00:00
Credits
Red Hat would like to thank The Gradle Engineering Team for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5720"
          },
          {
            "name": "RHBZ#2245700",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "gradle-plugin",
          "vendor": "n/a"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank The Gradle Engineering Team for reporting this issue."
        }
      ],
      "datePublic": "2023-11-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-526",
              "description": "Cleartext Storage of Sensitive Information in an Environment Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T01:30:30.953Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5720"
        },
        {
          "name": "RHBZ#2245700",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-23T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-11-08T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Quarkus: build env information disclosure via gradle plugin",
      "x_redhatCweChain": "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5720",
    "datePublished": "2023-11-15T13:57:52.295Z",
    "dateReserved": "2023-10-23T16:39:58.066Z",
    "dateUpdated": "2024-08-02T08:07:32.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2377 (GCVE-0-2014-2377)

Vulnerability from cvelistv5 – Published: 2014-09-15 14:00 – Updated: 2025-10-13 22:48
VLAI
Title
Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables
Summary
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
Ecava IntegraXor SCADA Server Affected: 0 , ≤ v4.1.4360 (custom)
Affected: 0 , ≤ v4.1.4392 (custom)
Create a notification for this product.
Date Public
2014-09-11 06:00
Credits
Andrea Micalizzi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IntegraXor SCADA Server",
          "vendor": "Ecava",
          "versions": [
            {
              "lessThanOrEqual": "v4.1.4360",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v4.1.4392",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Micalizzi"
        }
      ],
      "datePublic": "2014-09-11T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\nEcava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.\n\n\u003c/p\u003e"
            }
          ],
          "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-526",
              "description": "CWE-526",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-13T22:48:15.434Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEcava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.integraxor.com/download/rc.msi?4.2.4458\"\u003ehttp://www.integraxor.com/download/rc.msi?4.2.4458\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Ecava has produced a patch to address all four vulnerabilities identified. The patch can be downloaded from:\n\n\n http://www.integraxor.com/download/rc.msi?4.2.4458"
        }
      ],
      "source": {
        "advisory": "ICSA-14-224-01",
        "discovery": "EXTERNAL"
      },
      "title": "Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-2375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-2377",
    "datePublished": "2014-09-15T14:00:00.000Z",
    "dateReserved": "2014-03-13T00:00:00.000Z",
    "dateUpdated": "2025-10-13T22:48:15.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-25RF-WFP7-MV9X

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31
VLAI
Details

IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-526"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T16:50:21Z",
    "severity": "MODERATE"
  },
  "details": "IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.",
  "id": "GHSA-25rf-wfp7-mv9x",
  "modified": "2026-03-10T18:31:16Z",
  "published": "2026-03-10T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36105"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7262806"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3G7P-8QHX-MC8R

Vulnerability from github – Published: 2023-06-22 20:01 – Updated: 2023-06-26 16:35
VLAI
Summary
Shescape potential environment variable exposure on Windows with CMD
Details

Impact

This impact users of Shescape:

  1. On Windows using the Windows Command Prompt (i.e. cmd.exe), and
  2. Using quote/quoteAll or escape/escapeAll with the interpolation option set to true.

An attacker may be able to get read-only access to environment variables. Example:

import * as cp from "node:child_process";
import * as shescape from "shescape";

// 1. Prerequisites
const options = {
    shell: "cmd.exe",
    // Or
    shell: undefined, // Only if the default shell is CMD

    // And
    interpolation: true, // Only applies to `escape` and `escapeAll` usage
}

// 2. Attack (one of many)
const payload = "%PATH%";

// 3. Usage
let escapedPayload;

escapedPayload = shescape.quote(payload, options);
// Or
escapedPayload = shescape.quoteAll([payload], options);
// Or
escapedPayload = shescape.escape(payload, options);
// Or
escapedPayload = shescape.escapeAll([payload], options);

// And (example)
const result = cp.execSync(`echo Hello ${escapedPayload}`, options);

// 4. Impact
console.log(result.toString());
// Outputs "Hello" followed by the contents of the PATH environment variable

Patches

This bug has been patched in v1.7.1 which you can upgrade to now. No further changes are required.

Workarounds

Alternatively, users can remove all instances of % from user input, either before or after using Shescape.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "shescape"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-526"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-22T20:01:39Z",
    "nvd_published_at": "2023-06-23T20:15:09Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nThis impact users of Shescape:\n\n1. On Windows using the Windows Command Prompt (i.e. `cmd.exe`), and\n2. Using `quote`/`quoteAll` or `escape`/`escapeAll` with the `interpolation` option set to `true`.\n\nAn attacker may be able to get read-only access to environment variables. Example:\n\n```javascript\nimport * as cp from \"node:child_process\";\nimport * as shescape from \"shescape\";\n\n// 1. Prerequisites\nconst options = {\n    shell: \"cmd.exe\",\n    // Or\n    shell: undefined, // Only if the default shell is CMD\n\n    // And\n    interpolation: true, // Only applies to `escape` and `escapeAll` usage\n}\n\n// 2. Attack (one of many)\nconst payload = \"%PATH%\";\n\n// 3. Usage\nlet escapedPayload;\n\nescapedPayload = shescape.quote(payload, options);\n// Or\nescapedPayload = shescape.quoteAll([payload], options);\n// Or\nescapedPayload = shescape.escape(payload, options);\n// Or\nescapedPayload = shescape.escapeAll([payload], options);\n\n// And (example)\nconst result = cp.execSync(`echo Hello ${escapedPayload}`, options);\n\n// 4. Impact\nconsole.log(result.toString());\n// Outputs \"Hello\" followed by the contents of the PATH environment variable\n```\n\n### Patches\n\nThis bug has been patched in [v1.7.1](https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1) which you can upgrade to now. No further changes are required.\n\n### Workarounds\n\nAlternatively, users can remove all instances of `%` from user input, either before or after using Shescape.\n\n### References\n\n- Shescape Pull request [#982](https://github.com/ericcornelissen/shescape/pull/982)\n- Shescape commit [`d0fce70`](https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac)\n- Shescape Release [v1.7.1](https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1)\n",
  "id": "GHSA-3g7p-8qhx-mc8r",
  "modified": "2023-06-26T16:35:03Z",
  "published": "2023-06-22T20:01:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mc8r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35931"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ericcornelissen/shescape/pull/982"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47e79436173ac"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ericcornelissen/shescape"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Shescape potential environment variable exposure on Windows with CMD"
}

GHSA-3X7R-V44P-242P

Vulnerability from github – Published: 2022-05-17 04:35 – Updated: 2025-10-14 00:31
VLAI
Details

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-2377"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-526"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-09-15T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.",
  "id": "GHSA-3x7r-v44p-242p",
  "modified": "2025-10-14T00:31:01Z",
  "published": "2022-05-17T04:35:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2377"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-224-01"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-224-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4X4X-PV89-58Q8

Vulnerability from github – Published: 2025-06-13 15:30 – Updated: 2025-10-27 18:31
VLAI
Details

A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-28381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-526"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-13T14:15:20Z",
    "severity": "HIGH"
  },
  "details": "A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.",
  "id": "GHSA-4x4x-pv89-58q8",
  "modified": "2025-10-27T18:31:06Z",
  "published": "2025-06-13T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenC3/cosmos/pull/1816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenC3/cosmos/pull/1816/commits/cce64c213fd2e6a70e2ccbf3622949fe8f9dcaef"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenC3/cosmos/releases/tag/v6.0.2"
    },
    {
      "type": "WEB",
      "url": "https://openc3.com"
    },
    {
      "type": "WEB",
      "url": "https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Encrypt information stored in the environment variable to protect it from being exposed to an unauthorized user. If encryption is not feasible or is considered too expensive for the business use of the application, then consider using a properly protected configuration file instead of an environment variable. It should be understood that unencrypted information in a config file is also not guaranteed to be protected, but it is still a better choice, because it reduces attack surface related to weaknesses such as CWE-214. In some settings, vaults might be a feasible option for safer data transfer. Users should be notified of the business choice made to not protect the sensitive information through encryption.

Mitigation
Implementation

If the environment variable is not necessary for the desired behavior, then remove it entirely, or clear it to an empty value.

No CAPEC attack patterns related to this CWE.