CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
GHSA-MFC7-3M73-FJF3
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
{
"affected": [],
"aliases": [
"CVE-2024-10943"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T17:15:06Z",
"severity": "CRITICAL"
},
"details": "An\nauthentication bypass vulnerability exists in the affected product. The\nvulnerability exists due to shared secrets across accounts and could allow a threat\nactor to impersonate a user if the threat actor is able to enumerate additional\ninformation required during authentication.",
"id": "GHSA-mfc7-3m73-fjf3",
"modified": "2024-11-12T18:30:57Z",
"published": "2024-11-12T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10943"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MGPG-RP6C-97R2
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
{
"affected": [],
"aliases": [
"CVE-2019-8799"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-27T20:15:00Z",
"severity": "LOW"
},
"details": "This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.",
"id": "GHSA-mgpg-rp6c-97r2",
"modified": "2022-05-24T17:32:24Z",
"published": "2022-05-24T17:32:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8799"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210603"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210604"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210607"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT210634"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MH6Q-7483-RVJ7
Vulnerability from github – Published: 2024-10-11 18:32 – Updated: 2024-11-06 21:30An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration. Because these parameters are needed for initialization, there is no available mechanism to ensure access control on the management node, and a mitigation measure is normally put in place to prevent access to unprivileged users. It was discovered that this mitigation measure does not survive a reboot of diskful nodes. (Diskless nodes are not at risk.) The mistake lies in the cloudinit configuration: the iptables configuration should have been in the bootcmd instead of the runcmd section.
{
"affected": [],
"aliases": [
"CVE-2024-42018"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T17:15:03Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration. Because these parameters are needed for initialization, there is no available mechanism to ensure access control on the management node, and a mitigation measure is normally put in place to prevent access to unprivileged users. It was discovered that this mitigation measure does not survive a reboot of diskful nodes. (Diskless nodes are not at risk.) The mistake lies in the cloudinit configuration: the iptables configuration should have been in the bootcmd instead of the runcmd section.",
"id": "GHSA-mh6q-7483-rvj7",
"modified": "2024-11-06T21:30:54Z",
"published": "2024-10-11T18:32:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42018"
},
{
"type": "WEB",
"url": "https://eviden.com"
},
{
"type": "WEB",
"url": "https://support.bull.com/ols/product/security/psirt/security-bulletins/misconfiguration-of-smc-xscale-leads-to-sensitive-data-exposure-psirt-1369-tlp-clear-version-2-6-cve-2024-42018/view"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MJ8X-CPR8-X39H
Vulnerability from github – Published: 2021-06-16 17:33 – Updated: 2021-04-19 21:38A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file AppModule.class by requesting the URL http://localhost:8080/assets/something/services/AppModule.class which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with .class, .properties or .xml. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a / at the end of the URL: http://localhost:8080/assets/something/services/AppModule.class/ The slash is stripped after the blacklist check and the file AppModule.class is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.2, upgrade to 5.6.3 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tapestry:tapestry-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.4.0"
},
{
"fixed": "5.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tapestry:tapestry-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.7.0"
},
{
"fixed": "5.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27850"
],
"database_specific": {
"cwe_ids": [
"CWE-502",
"CWE-922"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-19T21:38:56Z",
"nvd_published_at": "2021-04-15T08:15:00Z",
"severity": "CRITICAL"
},
"details": "A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.2, upgrade to 5.6.3 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.",
"id": "GHSA-mj8x-cpr8-x39h",
"modified": "2021-04-19T21:38:56Z",
"published": "2021-06-16T17:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27850"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/TAP5-2663"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210528-0002"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Remote code execution in Apache Tapestry"
}
GHSA-MQM7-JPJF-V8CM
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.
{
"affected": [],
"aliases": [
"CVE-2017-7253"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-30T18:59:00Z",
"severity": "HIGH"
},
"details": "Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a \"Component error: login challenge!\" message. The second JSON object encountered has a result indicating a successful admin login.",
"id": "GHSA-mqm7-jpjf-v8cm",
"modified": "2022-05-13T01:46:53Z",
"published": "2022-05-13T01:46:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7253"
},
{
"type": "WEB",
"url": "https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97263"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MRFP-7M85-53J8
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
{
"affected": [],
"aliases": [
"CVE-2021-25404"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-11T15:15:00Z",
"severity": "LOW"
},
"details": "Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.",
"id": "GHSA-mrfp-7m85-53j8",
"modified": "2022-05-24T19:05:09Z",
"published": "2022-05-24T19:05:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25404"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MRH2-C3XG-PF82
Vulnerability from github – Published: 2024-11-11 03:30 – Updated: 2024-11-19 21:31Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.
{
"affected": [],
"aliases": [
"CVE-2024-48939"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-11T01:15:04Z",
"severity": "HIGH"
},
"details": "Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.",
"id": "GHSA-mrh2-c3xg-pf82",
"modified": "2024-11-19T21:31:30Z",
"published": "2024-11-11T03:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48939"
},
{
"type": "WEB",
"url": "https://github.com/gitaware/CVE/blob/main/CVE-2024-48939/20241020_vuln_discl_paxton_API_license.pdf"
},
{
"type": "WEB",
"url": "https://paxton-access.co.uk"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2024/Oct/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MRHP-8CHW-79JF
Vulnerability from github – Published: 2024-07-15 15:31 – Updated: 2024-07-15 15:31The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.
{
"affected": [],
"aliases": [
"CVE-2024-38496"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-15T15:15:10Z",
"severity": "MODERATE"
},
"details": "The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.",
"id": "GHSA-mrhp-8chw-79jf",
"modified": "2024-07-15T15:31:02Z",
"published": "2024-07-15T15:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38496"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MVWX-M8XX-54C6
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
{
"affected": [],
"aliases": [
"CVE-2021-22914"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-16T14:15:00Z",
"severity": "HIGH"
},
"details": "Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.",
"id": "GHSA-mvwx-m8xx-54c6",
"modified": "2022-05-24T19:05:30Z",
"published": "2022-05-24T19:05:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22914"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX316690"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P3G3-H276-V53F
Vulnerability from github – Published: 2024-11-06 00:31 – Updated: 2024-11-06 00:31The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.
{
"affected": [],
"aliases": [
"CVE-2024-10028"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-06T00:15:13Z",
"severity": "HIGH"
},
"details": "The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore \u0026 Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site\u0027s backup.",
"id": "GHSA-p3g3-h276-v53f",
"modified": "2024-11-06T00:31:55Z",
"published": "2024-11-06T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10028"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/everest-backup/tags/2.2.13/inc/classes/class-backup-directory.php#L514"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.