Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

631 vulnerabilities reference this CWE, most recent first.

GHSA-F4VP-F6H9-8CX8

Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2023-06-30 21:30
VLAI
Details

A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209",
      "CWE-326",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-16T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.",
  "id": "GHSA-f4vp-f6h9-8cx8",
  "modified": "2023-06-30T21:30:18Z",
  "published": "2022-02-17T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26726"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726"
    },
    {
      "type": "WEB",
      "url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F632-9449-3J4W

Vulnerability from github – Published: 2024-11-18 15:33 – Updated: 2026-06-18 20:22
VLAI
Summary
Apache Tomcat - XSS in generated JSPs
Details

Description:

The fix for improvement 69333 caused pooled JSP tags not to be released after use which in turn could cause output of some tags not to escaped as expected. This unescaped output could lead to XSS.

Versions Affected:

  • Apache Tomcat 11.0.0
  • Apache Tomcat 10.1.31
  • Apache Tomcat 9.0.96

Mitigation:

Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 11.0.1 or later - Upgrade to Apache Tomcat 10.1.33 or later Note: 10.1.32 was not released - Upgrade to Apache Tomcat 9.0.97 or later

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "11.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.31"
            },
            {
              "fixed": "10.1.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "10.1.31"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat.embed:tomcat-embed-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.96"
            },
            {
              "fixed": "9.0.97"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.96"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat.embed:tomcat-embed-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "11.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat.embed:tomcat-embed-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.31"
            },
            {
              "fixed": "10.1.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "10.1.31"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.96"
            },
            {
              "fixed": "9.0.97"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.96"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "11.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.31"
            },
            {
              "fixed": "10.1.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "10.1.31"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.96"
            },
            {
              "fixed": "9.0.97"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "9.0.96"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T21:03:24Z",
    "nvd_published_at": "2024-11-18T13:15:04Z",
    "severity": "MODERATE"
  },
  "details": "# Description:\nThe fix for improvement 69333 caused pooled JSP tags not to be released after use which in turn could cause output of some tags not to escaped as expected. This unescaped output could lead to XSS.\n\n# Versions Affected:\n- Apache Tomcat 11.0.0\n- Apache Tomcat 10.1.31\n- Apache Tomcat 9.0.96\n\n# Mitigation:\nUsers of the affected versions should apply one of the following\nmitigations:\n- Upgrade to Apache Tomcat 11.0.1 or later\n- Upgrade to Apache Tomcat 10.1.33 or later\nNote: 10.1.32 was not released\n- Upgrade to Apache Tomcat 9.0.97 or later",
  "id": "GHSA-f632-9449-3j4w",
  "modified": "2026-06-18T20:22:52Z",
  "published": "2024-11-18T15:33:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52318"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/8d1fc4733a06d1a03b9d644c57010f2ec5f0df38"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/9813c5dd3259183f659bbb83312a5cf673cc1ebf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/be8e32143a3159e78fe5463d09bb8e1b33bf2b1f"
    },
    {
      "type": "WEB",
      "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=69333"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250131-0009"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/11/18/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Tomcat - XSS in generated JSPs"
}

GHSA-F67X-VQH9-8P43

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2024-10-21 15:31
VLAI
Details

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-2566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-03-15T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",
  "id": "GHSA-f67x-vqh9-8p43",
  "modified": "2024-10-21T15:31:40Z",
  "published": "2022-05-13T01:13:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2566"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html"
    },
    {
      "type": "WEB",
      "url": "http://cr.yp.to/talks/2013.03.12/slides.pdf"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201406-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.isg.rhul.ac.uk/tls"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/docs/changelogs/unified/1215"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/security/advisory/1046"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/58796"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2031-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2032-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F686-HW9C-XW9C

Vulnerability from github – Published: 2024-10-30 14:37 – Updated: 2024-10-31 19:36
VLAI
Summary
Snowflake JDBC Security Advisory
Details

Impacted Products

Snowflake JDBC driver versions >= 3.2.6 & <= 3.19.1 are affected.

Introduction

Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. The issue, which affects only a subset of accounts hosted on Azure and GCP deployments (AWS deployments are not affected), manifests in instances where customers create a stage using a JDBC driver with the CLIENT_ENCRYPTION_KEY_SIZE account parameter set to 256-bit rather than the default 128-bit. The data is still protected by TLS in transit and server side encryption at rest. This missed layer of the additional protection is not visible to the affected customers.

Incorrect Security Setting Vulnerability

Description

Snowflake identified an incorrect security setting in Snowflake JDBC drivers. Snowflake has evaluated the severity of the issue and determined it was in medium range with a maximum CVSSv3 base score of 5.9.

Scenarios and attack vector(s)

Users of Snowflake JDBC drivers with accounts on Azure and GCP deployments who set the parameter CLIENT_ENCRYPTION_KEY_SIZE = 256 were subject to this incorrect security setting vulnerability as it could result in data being uploaded to a stage without an additional layer for encryption.

Our response

On July 23, 2024, Snowflake discovered this vulnerability. On 10/28/2024, Snowflake released a patch in Snowflake JDBC driver Version 3.20.0. The patch fixes the incorrect security setting.

Resolution

We strongly recommend users to upgrade to 3.20.0 or later versions as soon as possible.

Contact

If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.19.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "net.snowflake:snowflake-jdbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.6"
            },
            {
              "fixed": "3.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-43382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311",
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-30T14:37:53Z",
    "nvd_published_at": "2024-10-30T21:15:14Z",
    "severity": "MODERATE"
  },
  "details": "### Impacted Products\nSnowflake JDBC driver versions \u003e= 3.2.6 \u0026 \u003c= 3.19.1 are affected.\n\n### Introduction\nSnowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. The issue, which affects only a subset of accounts hosted on Azure and GCP deployments (AWS deployments are not affected), manifests in instances where customers create a stage using a JDBC driver with the CLIENT_ENCRYPTION_KEY_SIZE account parameter set to 256-bit rather than the default 128-bit. The data is still protected by TLS in transit and server side encryption at rest. This missed layer of the additional protection is not visible to the affected customers.\n\n### Incorrect Security Setting Vulnerability \n#### Description\nSnowflake identified an incorrect security setting in Snowflake JDBC drivers. Snowflake has evaluated the severity of the issue and determined it was in medium range with a maximum CVSSv3 base score of 5.9. \n#### Scenarios and attack vector(s)\nUsers of Snowflake JDBC drivers with accounts on Azure and GCP deployments who set the parameter CLIENT_ENCRYPTION_KEY_SIZE = 256 were subject to this incorrect security setting vulnerability as it could result in data being uploaded to a stage without an additional layer for encryption. \n#### Our response\nOn July 23, 2024, Snowflake discovered this vulnerability. On 10/28/2024, Snowflake released a patch in Snowflake JDBC driver Version 3.20.0. The patch fixes the incorrect security setting. \n#### Resolution\nWe strongly recommend users to upgrade to 3.20.0 or later versions as soon as possible. \n\n### Contact\nIf you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).\n",
  "id": "GHSA-f686-hw9c-xw9c",
  "modified": "2024-10-31T19:36:18Z",
  "published": "2024-10-30T14:37:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43382"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/snowflakedb/snowflake-jdbc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Snowflake JDBC Security Advisory"
}

GHSA-F7G9-F9CQ-4WHW

Vulnerability from github – Published: 2023-05-24 18:30 – Updated: 2024-04-04 04:19
VLAI
Details

Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33982"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-24T18:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.",
  "id": "GHSA-f7g9-f9cq-4whw",
  "modified": "2024-04-04T04:19:49Z",
  "published": "2023-05-24T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33982"
    },
    {
      "type": "WEB",
      "url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed"
    },
    {
      "type": "WEB",
      "url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F9H7-X4M7-P8MW

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13
VLAI
Details

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.",
  "id": "GHSA-f9h7-x4m7-p8mw",
  "modified": "2022-05-24T17:13:13Z",
  "published": "2022-05-24T17:13:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9770"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211102"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FCMX-WCC5-GF8W

Vulnerability from github – Published: 2026-04-21 15:32 – Updated: 2026-04-23 15:38
VLAI
Details

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1241"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T15:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Encrypted values in Fortra\u0027s GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which\u00a0allows admin users to brute-force decryption of data.",
  "id": "GHSA-fcmx-wcc5-gf8w",
  "modified": "2026-04-23T15:38:53Z",
  "published": "2026-04-21T15:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1241"
    },
    {
      "type": "WEB",
      "url": "https://fortra.com/security/advisories/product-security/FI-2026-001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCQH-QV75-JMRG

Vulnerability from github – Published: 2022-05-17 02:55 – Updated: 2025-04-20 03:31
VLAI
Details

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T07:59:00Z",
    "severity": "HIGH"
  },
  "details": "hitek.jar in Hitek Software\u0027s Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected.",
  "id": "GHSA-fcqh-qv75-jmrg",
  "modified": "2025-04-20T03:31:23Z",
  "published": "2022-05-17T02:55:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10102"
    },
    {
      "type": "WEB",
      "url": "https://rastamouse.me/guff/2016/automize"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFG3-3XWJ-F92R

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-08T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.",
  "id": "GHSA-ffg3-3xwj-f92r",
  "modified": "2022-05-24T19:07:18Z",
  "published": "2022-05-24T19:07:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34430"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FFQX-Q65F-36JF

Vulnerability from github – Published: 2026-03-27 00:31 – Updated: 2026-05-07 04:07
VLAI
Summary
Grafana Tempo has Inadequate Encryption Strength
Details

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.

Grafana thanks william_goodfellow for reporting this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/grafana/tempo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28377"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T04:07:51Z",
    "nvd_published_at": "2026-03-26T22:16:28Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3.\n\nGrafana thanks william_goodfellow for reporting this vulnerability.",
  "id": "GHSA-ffqx-q65f-36jf",
  "modified": "2026-05-07T04:07:51Z",
  "published": "2026-03-27T00:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28377"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/tempo/commit/bb8ca663db34a0980c9758b40d918fda3b4dbec3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/grafana/tempo"
    },
    {
      "type": "WEB",
      "url": "https://github.com/grafana/tempo/blob/4dc3e5b0d3463a0b67498b662b85a148698b4afd/CHANGELOG.md?plain=1#L135"
    },
    {
      "type": "WEB",
      "url": "https://grafana.com/security/security-advisories/cve-2026-28377"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Grafana Tempo has Inadequate Encryption Strength"
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.