CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-5GVR-285Q-PWC3
Vulnerability from github – Published: 2024-02-04 15:30 – Updated: 2024-06-28 18:31A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
{
"affected": [],
"aliases": [
"CVE-2023-6240"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-327",
"CWE-402"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-04T14:15:47Z",
"severity": "MODERATE"
},
"details": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.",
"id": "GHSA-5gvr-285q-pwc3",
"modified": "2024-06-28T18:31:42Z",
"published": "2024-02-04T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6240"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1881"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2758"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3414"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3421"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6240"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843"
},
{
"type": "WEB",
"url": "https://people.redhat.com/~hkario/marvin"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240628-0002"
},
{
"type": "WEB",
"url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5JCC-WRCP-3MXC
Vulnerability from github – Published: 2023-04-14 15:30 – Updated: 2024-04-04 03:28SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.
{
"affected": [],
"aliases": [
"CVE-2023-29850"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-14T14:15:00Z",
"severity": "HIGH"
},
"details": "SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user\u0027s geolocation and device information.",
"id": "GHSA-5jcc-wrcp-3mxc",
"modified": "2024-04-04T03:28:10Z",
"published": "2023-04-14T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29850"
},
{
"type": "WEB",
"url": "https://github.com/slims/slims9_bulian/issues/186"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5JJV-X4FQ-QJWP
Vulnerability from github – Published: 2020-10-05 15:48 – Updated: 2023-05-16 16:18Impact
When using the derivation_endpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL.
Patches
The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.secure_compare. Users using the derivation_endpoint plugin are urged to upgrade to Shrine 3.3.0 or greater.
Workarounds
Users of older Shrine versions can apply the following monkey-patch after loading the derivation_endpoint plugin:
class Shrine
class UrlSigner
def verify_signature(string, signature)
if signature.nil?
fail InvalidSignature, "missing \"signature\" param"
elsif !Rack::Utils.secure_compare(signature, generate_signature(string))
fail InvalidSignature, "provided signature does not match the calculated signature"
end
end
end
end
References
You can read more about timing attacks here.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "shrine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15237"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2020-10-05T15:46:53Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen using the `derivation_endpoint` plugin, it\u0027s possible for the attacker to use a timing attack to guess the signature of the derivation URL.\n\n### Patches\n\nThe problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`. Users using the `derivation_endpoint` plugin are urged to upgrade to Shrine 3.3.0 or greater.\n\n### Workarounds\n\nUsers of older Shrine versions can apply the following monkey-patch after loading the `derivation_endpoint` plugin:\n\n```rb\nclass Shrine\n class UrlSigner\n def verify_signature(string, signature)\n if signature.nil?\n fail InvalidSignature, \"missing \\\"signature\\\" param\"\n elsif !Rack::Utils.secure_compare(signature, generate_signature(string))\n fail InvalidSignature, \"provided signature does not match the calculated signature\"\n end\n end\n end\nend\n```\n\n### References\n\nYou can read more about timing attacks [here](https://en.wikipedia.org/wiki/Timing_attack).",
"id": "GHSA-5jjv-x4fq-qjwp",
"modified": "2023-05-16T16:18:49Z",
"published": "2020-10-05T15:48:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/shrinerb/shrine/security/advisories/GHSA-5jjv-x4fq-qjwp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15237"
},
{
"type": "WEB",
"url": "https://github.com/shrinerb/shrine/commit/1b27090ce31543bf39f186c20ea47c8250fca2f0"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/shrine/CVE-2020-15237.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/shrinerb/shrine"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Possible timing attack in derivation_endpoint"
}
GHSA-5M9G-M2VJ-47R4
Vulnerability from github – Published: 2024-01-30 15:30 – Updated: 2024-01-30 15:30A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.
{
"affected": [],
"aliases": [
"CVE-2024-0564"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-99"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-30T15:15:08Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Linux kernel\u0027s memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim\u0027s page. The unmapping time depends on whether it merges with the victim\u0027s page and additional physical pages are created beyond the KSM\u0027s \"max page share\". Through these operations, the attacker can leak the victim\u0027s page.",
"id": "GHSA-5m9g-m2vj-47r4",
"modified": "2024-01-30T15:30:22Z",
"published": "2024-01-30T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0564"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0564"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258514"
},
{
"type": "WEB",
"url": "https://link.springer.com/conference/wisa"
},
{
"type": "WEB",
"url": "https://wisa.or.kr/accepted"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5MR9-CRCG-8WH2
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-18 16:08Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20260130144323-5bb5261c72fa"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.2-0.20260130144323-5bb5261c72fa"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "10.11.0-rc1"
},
{
"fixed": "10.11.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "11.2.0-rc1"
},
{
"fixed": "11.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "11.3.0-rc1"
},
{
"fixed": "11.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-21386"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-18T16:08:43Z",
"nvd_published_at": "2026-03-16T15:16:20Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 11.3.x \u003c= 11.3.0, 11.2.x \u003c= 11.2.2, 10.11.x \u003c= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588",
"id": "GHSA-5mr9-crcg-8wh2",
"modified": "2026-03-18T16:08:43Z",
"published": "2026-03-16T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21386"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/5bb5261c72faa476558a694c23581d24b734da41"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost fails to use consistent error responses when handling the /mute command"
}
GHSA-5P66-CRX7-H9M4
Vulnerability from github – Published: 2023-06-23 18:30 – Updated: 2024-04-04 05:06This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information
{
"affected": [],
"aliases": [
"CVE-2022-42792"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-23T18:15:10Z",
"severity": "MODERATE"
},
"details": "This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information",
"id": "GHSA-5p66-crx7-h9m4",
"modified": "2024-04-04T05:06:59Z",
"published": "2023-06-23T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42792"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213489"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5PJ8-C4H5-H95P
Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:29The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
{
"affected": [],
"aliases": [
"CVE-2023-25728"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T17:15:11Z",
"severity": "MODERATE"
},
"details": "The \u003ccode\u003eContent-Security-Policy-Report-Only\u003c/code\u003e header could allow an attacker to leak a child iframe\u0027s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"id": "GHSA-5pj8-c4h5-h95p",
"modified": "2024-04-04T04:29:51Z",
"published": "2023-06-02T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25728"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790345"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5PV8-PPVJ-4H68
Vulnerability from github – Published: 2021-05-13 20:23 – Updated: 2024-02-26 12:39Description
The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.
Resolution
We now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.
The patch for this issue is available here for branch 3.4.
Credits
I would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-guard"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "3.4.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-guard"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.4.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-guard"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "3.4.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-core"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.4.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "lexik/jwt-authentication-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "lexik/jwt-authentication-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "2.11.0"
},
{
"fixed": "2.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/maker-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.27.0"
},
{
"fixed": "1.29.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/maker-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.30.0"
},
{
"fixed": "1.31.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-http"
},
"ranges": [
{
"events": [
{
"introduced": "5.1.0"
},
{
"fixed": "5.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "3.4.49"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.4.24"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "3.4.49"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.4.24"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21424"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-13T15:25:38Z",
"nvd_published_at": "2021-05-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "Description\n-----------\n\nThe ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.\n\nResolution\n----------\n\nWe now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011) for branch 3.4.\n\nCredits\n-------\n\nI would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue.",
"id": "GHSA-5pv8-ppvj-4h68",
"modified": "2024-02-26T12:39:59Z",
"published": "2021-05-13T20:23:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424"
},
{
"type": "WEB",
"url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011"
},
{
"type": "WEB",
"url": "https://symfony.com/cve-2021-21424"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/symfony/symfony"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Prevent user enumeration using Guard or the new Authenticator-based Security"
}
GHSA-5QXG-5VWH-7J5J
Vulnerability from github – Published: 2023-04-25 21:30 – Updated: 2024-04-04 03:40The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
{
"affected": [],
"aliases": [
"CVE-2022-40482"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-25T19:15:10Z",
"severity": "MODERATE"
},
"details": "The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist.",
"id": "GHSA-5qxg-5vwh-7j5j",
"modified": "2024-04-04T03:40:51Z",
"published": "2023-04-25T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40482"
},
{
"type": "WEB",
"url": "https://github.com/laravel/framework/pull/44069"
},
{
"type": "WEB",
"url": "https://ephort.dk/blog/laravel-timing-attack-vulnerability"
},
{
"type": "WEB",
"url": "https://github.com/ephort/laravel-user-enumeration-demo"
},
{
"type": "WEB",
"url": "https://github.com/laravel/framework/releases/tag/v9.32.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5R33-MGJF-6656
Vulnerability from github – Published: 2023-08-16 15:30 – Updated: 2023-08-16 21:10Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal.
This could potentially allow attackers to use statistical methods to obtain a valid authentication token.
Tuleap Authentication Plugin 1.1.21 uses a constant-time comparison when validating authentication tokens.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.jenkins.plugins:tuleap-oauth"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-40343"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-16T21:10:56Z",
"nvd_published_at": "2023-08-16T15:15:11Z",
"severity": "LOW"
},
"details": "Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid authentication token.\n\nTuleap Authentication Plugin 1.1.21 uses a constant-time comparison when validating authentication tokens.",
"id": "GHSA-5r33-mgjf-6656",
"modified": "2023-08-16T21:10:56Z",
"published": "2023-08-16T15:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40343"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3229"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Tuleap Authentication Plugin non-constant time token comparison"
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.