Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-F9F9-4R63-4QCC

Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-12-16 17:22
VLAI
Summary
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Details

GitLab Plugin 1.5.35 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.

This could potentially allow attackers to use statistical methods to obtain a valid webhook token.

GitLab Plugin 1.5.36 uses a constant-time comparison when validating the webhook token.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.5.35"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:gitlab-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.36"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-43411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-19T22:22:43Z",
    "nvd_published_at": "2022-10-19T16:15:00Z",
    "severity": "LOW"
  },
  "details": "GitLab Plugin 1.5.35 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nGitLab Plugin 1.5.36 uses a constant-time comparison when validating the webhook token.",
  "id": "GHSA-f9f9-4r63-4qcc",
  "modified": "2022-12-16T17:22:29Z",
  "published": "2022-10-19T19:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43411"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/gitlab-plugin/commit/882f84c6a42b42b74ff7c9803d814f61b8fde0ed"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/gitlab-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Non-constant time webhook token comparison in Jenkins GitLab Plugin"
}

GHSA-FC44-R4GX-VW32

Vulnerability from github – Published: 2023-07-17 18:31 – Updated: 2024-04-04 06:11
VLAI
Details

TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-17T17:15:09Z",
    "severity": "HIGH"
  },
  "details": "TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.",
  "id": "GHSA-fc44-r4gx-vw32",
  "modified": "2024-04-04T06:11:07Z",
  "published": "2023-07-17T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34669"
    },
    {
      "type": "WEB",
      "url": "https://w3b5h3ll.notion.site/w3b5h3ll/TOTOLINK-CP300-c96d775881f0476b9ef465dba9c6d9b8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCMV-MQRC-FR3C

Vulnerability from github – Published: 2026-07-11 15:30 – Updated: 2026-07-11 15:30
VLAI
Details

Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling transfer_app with only the publishable API key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-11T14:16:21Z",
    "severity": "MODERATE"
  },
  "details": "Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling transfer_app with only the publishable API key.",
  "id": "GHSA-fcmv-mqrc-fr3c",
  "modified": "2026-07-11T15:30:21Z",
  "published": "2026-07-11T15:30:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-fmm3-3qcg-85j6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56296"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/cap-go-app-existence-oracle-via-unauthenticated-transfer-app-rpc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FG52-XJFC-9RH8

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2022-12-16 14:34
VLAI
Summary
Pterodactyl vulnerable to 2FA Sniffing
Details

Pterodactyl version 0.7.13 and lower - 2FA Sniffing

Users who have enabled 2FA protections on their account can unintentionally have their account's existence sniffed by malicious users who enter random credentials into the login fields.

Impact

Users who have enabled 2FA protections on their account can unintentionally have their account's existence sniffed by malicious users who enter random credentials into the login fields.

A logical mistake was made when the original code was written that would wait to verify the user's password until they had provided 2FA credentials if it was enabled on their account. However, because of this you could enter a bad password for a known email and determine if the account exists if you got redirected to a 2FA page.

For more information

If you have any questions or comments about this advisory please react out on Discord or email dane@[project name].io.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.7.13"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "pterodactyl/panel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-1020002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-16T14:34:49Z",
    "nvd_published_at": "2019-07-29T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "**Pterodactyl version 0.7.13 and lower - 2FA Sniffing**\n\nUsers who have enabled 2FA protections on their account can unintentionally have their account\u0027s existence sniffed by malicious users who enter random credentials into the login fields.\n\n### Impact\nUsers who have enabled 2FA protections on their account can unintentionally have their account\u0027s existence sniffed by malicious users who enter random credentials into the login fields.\n\nA logical mistake was made when the original code was written that would wait to verify the user\u0027s password until they had provided 2FA credentials if it was enabled on their account. However, because of this you could enter a bad password for a known email and determine if the account exists if you got redirected to a 2FA page.\n\n### For more information\nIf you have any questions or comments about this advisory please react out on Discord or email dane@[project name].io.",
  "id": "GHSA-fg52-xjfc-9rh8",
  "modified": "2022-12-16T14:34:49Z",
  "published": "2022-05-24T16:51:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1020002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/panel/commit/092e7e79fff858ee026608c7dbccab165a67526f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pterodactyl/panel"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/panel/releases/tag/v0.7.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pterodactyl vulnerable to 2FA Sniffing"
}

GHSA-FGMR-VX7C-5WJ6

Vulnerability from github – Published: 2019-09-26 21:30 – Updated: 2021-07-27 21:51
VLAI
Summary
Timing attack on HMAC signature comparison in Apache Tapestry
Details

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tapestry:tapestry-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.4"
            },
            {
              "fixed": "5.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-23T22:30:40Z",
    "nvd_published_at": "2019-09-16T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.",
  "id": "GHSA-fgmr-vx7c-5wj6",
  "modified": "2021-07-27T21:51:14Z",
  "published": "2019-09-26T21:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10071"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43@%3Cusers.tapestry.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460@%3Cusers.tapestry.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Timing attack on HMAC signature comparison in Apache Tapestry"
}

GHSA-FGR3-J7RX-4HFV

Vulnerability from github – Published: 2022-05-24 17:27 – Updated: 2022-11-16 19:00
VLAI
Details

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-02T16:15:00Z",
    "severity": "LOW"
  },
  "details": "A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.",
  "id": "GHSA-fgr3-j7rx-4hfv",
  "modified": "2022-11-16T19:00:32Z",
  "published": "2022-05-24T17:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16150"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC"
    },
    {
      "type": "WEB",
      "url": "https://tls.mbed.org/tech-updates/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHJW-QVV3-45M7

Vulnerability from github – Published: 2025-07-14 09:31 – Updated: 2025-07-14 09:31
VLAI
Details

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses.

This issue affects:

  • OTRS 7.0.X

  • OTRS 8.0.X

  • OTRS 2023.X
  • OTRS 2024.X
  • OTRS 2025.X
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-14T09:15:23Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses.\n\nThis issue affects: \n\n  *  OTRS 7.0.X\n\n  *  OTRS 8.0.X\n  *  OTRS 2023.X\n  *  OTRS 2024.X\n  *  OTRS 2025.X",
  "id": "GHSA-fhjw-qvv3-45m7",
  "modified": "2025-07-14T09:31:04Z",
  "published": "2025-07-14T09:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24391"
    },
    {
      "type": "WEB",
      "url": "https://otrs.com/release-notes/otrs-security-advisory-2025-07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ6F-6933-839J

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-12-19 21:06
VLAI
Summary
Non-constant time HMAC comparison
Details

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when checking whether two HMACs are equal. This could potentially allow attackers to use statistical methods to obtain a valid HMAC for an attacker-controlled input value.

Jenkins 2.219, LTS 2.204.2 now uses a constant-time comparison when validating HMACs.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.204.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.204.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.218"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.205"
            },
            {
              "fixed": "2.219"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-19T21:06:59Z",
    "nvd_published_at": "2020-01-29T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when checking whether two HMACs are equal. This could potentially allow attackers to use statistical methods to obtain a valid HMAC for an attacker-controlled input value.\n\nJenkins 2.219, LTS 2.204.2 now uses a constant-time comparison when validating HMACs.",
  "id": "GHSA-fj6f-6933-839j",
  "modified": "2022-12-19T21:06:59Z",
  "published": "2022-05-24T17:07:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2102"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/jenkins/commit/6f35dbb939ebe947bdb1979010b208480f1d0e31"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2020:0402"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2020:0675"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0681"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0683"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/jenkins"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Non-constant time HMAC comparison"
}

GHSA-FJ9X-F2WX-V38W

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2026-06-05 21:31
VLAI
Details

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.",
  "id": "GHSA-fj9x-f2wx-v38w",
  "modified": "2026-06-05T21:31:49Z",
  "published": "2022-05-24T17:14:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10932"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L"
    },
    {
      "type": "WEB",
      "url": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released"
    },
    {
      "type": "WEB",
      "url": "https://tls.mbed.org/tech-updates/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJQR-32V8-6GF9

Vulnerability from github – Published: 2023-09-27 15:30 – Updated: 2024-04-04 07:55
VLAI
Details

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-27T15:19:39Z",
    "severity": "MODERATE"
  },
  "details": "PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.",
  "id": "GHSA-fjqr-32v8-6gf9",
  "modified": "2024-04-04T07:55:35Z",
  "published": "2023-09-27T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44216"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack"
    },
    {
      "type": "WEB",
      "url": "https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level"
    },
    {
      "type": "WEB",
      "url": "https://blog.imaginationtech.com/reducing-bandwidth-pvric"
    },
    {
      "type": "WEB",
      "url": "https://github.com/UT-Security/gpu-zip"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=37663159"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack"
    },
    {
      "type": "WEB",
      "url": "https://www.hertzbleed.com/gpu.zip"
    },
    {
      "type": "WEB",
      "url": "https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.w3.org/TR/filter-effects-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.