CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
GHSA-676C-P5XH-7HFR
Vulnerability from github – Published: 2024-02-29 00:30 – Updated: 2024-11-15 21:30An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2024-26559"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T23:15:09Z",
"severity": "MODERATE"
},
"details": "An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.",
"id": "GHSA-676c-p5xh-7hfr",
"modified": "2024-11-15T21:30:45Z",
"published": "2024-02-29T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26559"
},
{
"type": "WEB",
"url": "https://syst1m.cn/2024/01/22/U%E9%AA%8C%E8%AF%81%E7%BD%91%E7%BB%9C%E7%94%A8%E6%88%B7%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-67QP-79MM-XM85
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 04:00Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2022-43475"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:24Z",
"severity": "HIGH"
},
"details": "Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-67qp-79mm-xm85",
"modified": "2024-04-04T04:00:09Z",
"published": "2023-05-10T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43475"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-684V-2FJ2-H2CW
Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2025-11-04 00:31A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.
{
"affected": [],
"aliases": [
"CVE-2024-44263"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T21:15:07Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.",
"id": "GHSA-684v-2fj2-h2cw",
"modified": "2025-11-04T00:31:50Z",
"published": "2024-10-28T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44263"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121563"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-68WM-4XJG-6P6M
Vulnerability from github – Published: 2024-04-19 06:30 – Updated: 2025-02-04 18:30In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.
{
"affected": [],
"aliases": [
"CVE-2024-29965"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-19T05:15:49Z",
"severity": "MODERATE"
},
"details": "In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (\"SSH\"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.",
"id": "GHSA-68wm-4xjg-6p6m",
"modified": "2025-02-04T18:30:44Z",
"published": "2024-04-19T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29965"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-69FP-7C8P-CRJR
Vulnerability from github – Published: 2024-06-10 18:36 – Updated: 2024-07-31 14:51A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "24.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-4540"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-922"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-10T18:36:56Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server\u0027s HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.",
"id": "GHSA-69fp-7c8p-crjr",
"modified": "2024-07-31T14:51:21Z",
"published": "2024-06-10T18:36:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4540"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3566"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3567"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3568"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3570"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3572"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3573"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3574"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3575"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3576"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-4540"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)"
}
GHSA-6CR3-PFHW-G3C7
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2024-10-29 21:30vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
{
"affected": [],
"aliases": [
"CVE-2023-34056"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T18:17:27Z",
"severity": "MODERATE"
},
"details": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.",
"id": "GHSA-6cr3-pfhw-g3c7",
"modified": "2024-10-29T21:30:43Z",
"published": "2023-10-25T18:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34056"
},
{
"type": "WEB",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6CR9-4PV5-J99R
Vulnerability from github – Published: 2023-09-19 12:30 – Updated: 2024-04-04 07:43A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.
{
"affected": [],
"aliases": [
"CVE-2023-32184"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-19T10:15:12Z",
"severity": "HIGH"
},
"details": "A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen\nThis issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.\n\n",
"id": "GHSA-6cr9-4pv5-j99r",
"modified": "2024-04-04T07:43:53Z",
"published": "2023-09-19T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32184"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32184"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6GR4-52W6-VMQX
Vulnerability from github – Published: 2024-06-17 22:30 – Updated: 2024-10-16 17:26Impact
When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data:
- RancherKubernetesEngineConfig
- RKENodeConfig
- SSH username
- SSH private key
- SSH private key path
- RKEConfigServices
- ETCDService
- External client key
- BackupConfig
- S3BackupConfig
- AWS access key
- AWS secret key
- S3BackupConfig
- KubeAPIService
- SecretsEncryptionConfig
- K8s encryption configuration (contains encryption keys)
- SecretsEncryptionConfig
- ETCDService
- PrivateRegistries
- User
- Password
- ECRCredentialPlugin
- AWS access key
- AWS secret key
- AWS session token
- CloudProvider
- AzureCloudProvider
- AAD client ID
- AAD client secret
- AAD client cert password
- OpenstackCloudProvider
- Username
- User ID
- Password
- VsphereCloudProvider
- GlobalVsphereOpts
- User
- Password
- VirtualCenterConfig
- User
- Password
- GlobalVsphereOpts
- HarvesterCloudProvider
- CloudConfig
- CustomCloudProvider
- AzureCloudProvider
- BastionHost
- User
- SSH key
- CertificatesBundle
- Private key
- EncryptionConfig
- Private key
The State type that contains the above info and more can viewed here.
While the full-cluster-state configmap is not publicly available (reading it requires access to the RKE cluster), it being a configmap makes it available to non-administrators of the cluster. Because this configmap contains essentially all the information and credentials required to administer the cluster, anyone with permission to read it thereby achieves admin-level access to the cluster (please consult the MITRE ATT&CK - Technique - Unsecured Credentials : Credentials In Files for further information about the associated technique of attack).
Important: For the exposure of credentials not related to Rancher and RKE, the final impact severity for confidentiality, integrity and availability is dependent on the permissions the leaked credentials have on their services.
It is recommended to review for potentially leaked credentials in this scenario and to change them if deemed necessary.
Patches
This vulnerability is being fixed in RKE versions 1.4.19 and 1.5.10 which are included in Rancher versions 2.7.14 and 2.8.5.
The patches include changes that will cause RKE to automatically migrate the cluster state configmap to a full-cluster-state secret in the kube-system namespace. The migrated secret will only be accessible to those who have read access to the kube-system namespace in the downstream RKE cluster. In Rancher, only admin and cluster-owner roles can access the secret. The old configmap will be removed after successful migration.
All downstream clusters provisioned using RKE via Rancher will be migrated automatically on Rancher upgrade. Note that any downstream clusters that are unavailable or otherwise non migratable on Rancher upgrade will still be migrated automatically as soon as they become available.
Clusters provisioned using RKE outside of Rancher will be migrated automatically upon the next invocation of rke up (i.e. the next cluster reconciliation) after upgrading RKE.
If a rollback needs to be performed after an upgrade to a patched Rancher or RKE version, downstream RKE clusters that were migrated need to have their migrations manually reversed using this script: https://github.com/rancherlabs/support-tools/tree/master/reverse-rke-state-migrations. Please be sure to back up downstream clusters before performing the reverse migration.
Workarounds
There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of RKE/Rancher Manager which contains the fixes.
Users should not attempt to perform this migration manually without upgrading their RKE/Rancher versions as only post-patch versions of RKE are capable of reading the cluster state from a secret instead of a configmap. In other words, migrating the cluster state to a secret without upgrading RKE/Rancher would cause RKE to be unable to read the cluster state, making it incapable of managing the cluster until an RKE/Rancher upgrade is performed.
For more information
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
- Verify our support matrix and product support life cycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rke"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.18"
},
{
"fixed": "1.4.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rke"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.9"
},
{
"fixed": "1.5.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-32191"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-17T22:30:48Z",
"nvd_published_at": "2024-10-16T13:15:12Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nWhen RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data:\n\n- RancherKubernetesEngineConfig\n - RKENodeConfig\n - SSH username\n - SSH private key\n - SSH private key path\n - RKEConfigServices\n - ETCDService\n - External client key\n - BackupConfig\n - S3BackupConfig\n - AWS access key\n - AWS secret key\n - KubeAPIService\n - SecretsEncryptionConfig\n - K8s encryption configuration (contains encryption keys)\n - PrivateRegistries\n - User\n - Password\n - ECRCredentialPlugin\n - AWS access key\n - AWS secret key\n - AWS session token\n - CloudProvider\n - AzureCloudProvider\n - AAD client ID\n - AAD client secret\n - AAD client cert password\n - OpenstackCloudProvider\n - Username\n - User ID\n - Password\n - VsphereCloudProvider\n - GlobalVsphereOpts\n - User\n - Password\n - VirtualCenterConfig\n - User\n - Password\n - HarvesterCloudProvider\n - CloudConfig\n - CustomCloudProvider\n - BastionHost\n - User\n - SSH key\n- CertificatesBundle\n - Private key\n- EncryptionConfig\n - Private key\n\n\nThe `State` type that contains the above info and more can viewed [here](https://github.com/rancher/rke/blob/8714c3c06e0bad55c61684fd5d94f1481128c58d/cluster/state.go#L37).\n\nWhile the `full-cluster-state` configmap is not publicly available (reading it requires access to the RKE cluster), it being a configmap makes it available to non-administrators of the cluster. Because this configmap contains essentially all the information and credentials required to administer the cluster, anyone with permission to read it thereby achieves admin-level access to the cluster (please consult the [MITRE ATT\u0026CK - Technique - Unsecured Credentials : Credentials In Files](https://attack.mitre.org/techniques/T1552/001/) for further information about the associated technique of attack).\n\n\n**Important:**\nFor the exposure of credentials not related to Rancher and RKE, the final impact severity for confidentiality, integrity and availability is dependent on the permissions the leaked credentials have on their services. \n\n\nIt is recommended to review for potentially leaked credentials in this scenario and to change them if deemed necessary.\n\n\n### Patches\n\nThis vulnerability is being fixed in RKE versions `1.4.19` and `1.5.10` which are included in Rancher versions `2.7.14` and `2.8.5`.\n\n\nThe patches include changes that will cause RKE to automatically migrate the cluster state configmap to a `full-cluster-state` secret in the `kube-system` namespace. The migrated secret will only be accessible to those who have read access to the `kube-system` namespace in the downstream RKE cluster. In Rancher, only admin and cluster-owner roles can access the secret. The old configmap will be removed after successful migration.\n\n\nAll downstream clusters provisioned using RKE via Rancher will be migrated automatically on Rancher upgrade. Note that any downstream clusters that are unavailable or otherwise non migratable on Rancher upgrade will still be migrated automatically as soon as they become available.\n\n\nClusters provisioned using RKE outside of Rancher will be migrated automatically upon the next invocation of `rke up` (i.e. the next cluster reconciliation) after upgrading RKE.\n\n\nIf a rollback needs to be performed after an upgrade to a patched Rancher or RKE version, downstream RKE clusters that were migrated need to have their migrations manually reversed using this script: https://github.com/rancherlabs/support-tools/tree/master/reverse-rke-state-migrations. \n**Please be sure to back up downstream clusters before performing the reverse migration**.\n\n\n### Workarounds\n\nThere are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of RKE/Rancher Manager which contains the fixes.\n\n\nUsers should not attempt to perform this migration manually without upgrading their RKE/Rancher versions as only post-patch versions of RKE are capable of reading the cluster state from a secret instead of a configmap. In other words, migrating the cluster state to a secret without upgrading RKE/Rancher would cause RKE to be unable to read the cluster state, making it incapable of managing the cluster until an RKE/Rancher upgrade is performed.\n\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support life cycle](https://www.suse.com/lifecycle/).\n",
"id": "GHSA-6gr4-52w6-vmqx",
"modified": "2024-10-16T17:26:10Z",
"published": "2024-06-17T22:30:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rke/security/advisories/GHSA-6gr4-52w6-vmqx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32191"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rke/commit/cf49199481a1891909acb1384eed73a5c987d5bd"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rke/commit/f7485b8dce376db0fc15a7c3ceb3de7029c8d0cf"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32191"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rke"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "rke\u0027s credentials are stored in the RKE1 Cluster state ConfigMap"
}
GHSA-6GWH-QX8X-GVW2
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
{
"affected": [],
"aliases": [
"CVE-2020-28911"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-24T13:15:00Z",
"severity": "MODERATE"
},
"details": "Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.",
"id": "GHSA-6gwh-qx8x-gvw2",
"modified": "2022-05-24T19:03:04Z",
"published": "2022-05-24T19:03:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28911"
},
{
"type": "WEB",
"url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you"
},
{
"type": "WEB",
"url": "https://www.nagios.com/downloads/nagios-xi/change-log"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-6PJX-C35C-MQW4
Vulnerability from github – Published: 2025-09-16 00:30 – Updated: 2025-11-03 21:34The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.
{
"affected": [],
"aliases": [
"CVE-2025-43203"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T23:15:30Z",
"severity": "MODERATE"
},
"details": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.",
"id": "GHSA-6pjx-c35c-mqw4",
"modified": "2025-11-03T21:34:28Z",
"published": "2025-09-16T00:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43203"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125108"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125109"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Sep/49"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Sep/50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.