CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-RVJP-8QJ4-8P29
Vulnerability from github – Published: 2023-03-21 06:30 – Updated: 2023-03-23 16:30Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/answerdev/answer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1538"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-21T22:32:24Z",
"nvd_published_at": "2023-03-21T05:15:00Z",
"severity": "MODERATE"
},
"details": "Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.",
"id": "GHSA-rvjp-8qj4-8p29",
"modified": "2023-03-23T16:30:08Z",
"published": "2023-03-21T06:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1538"
},
{
"type": "WEB",
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"type": "PACKAGE",
"url": "https://github.com/answerdev/answer"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Answer has Observable Timing Discrepancy"
}
GHSA-V3QQ-W6XC-RJMW
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.
{
"affected": [],
"aliases": [
"CVE-2018-9192"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-05T13:29:00Z",
"severity": "MODERATE"
},
"details": "A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server\u0027s private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx being used.",
"id": "GHSA-v3qq-w6xc-rjmw",
"modified": "2022-05-13T01:53:52Z",
"published": "2022-05-13T01:53:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9192"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-17-302"
},
{
"type": "WEB",
"url": "https://robotattack.org"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/144389"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V435-XC8X-WVR9
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-09-09 21:27An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bctls-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk18on"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15to18"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk14"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bctls-jdk18on"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bctls-jdk14"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bctls-jdk15to18"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.3.1"
},
"package": {
"ecosystem": "NuGet",
"name": "BouncyCastle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "BouncyCastle.Cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-30171"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-14T20:22:03Z",
"nvd_published_at": "2024-05-14T15:21:52Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.",
"id": "GHSA-v435-xc8x-wvr9",
"modified": "2024-09-09T21:27:50Z",
"published": "2024-05-14T15:32:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240614-0008"
},
{
"type": "WEB",
"url": "https://www.bouncycastle.org/latest_releases.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Bouncy Castle affected by timing side-channel for RSA key exchange (\"The Marvin Attack\")"
}
GHSA-V4Q2-M262-XC6J
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-06 18:30In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21301"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:48Z",
"severity": "MODERATE"
},
"details": "In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-v4q2-m262-xc6j",
"modified": "2023-11-06T18:30:17Z",
"published": "2023-10-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21301"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V5M9-PHXH-M6WJ
Vulnerability from github – Published: 2026-02-13 00:32 – Updated: 2026-02-13 00:32OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
{
"affected": [],
"aliases": [
"CVE-2019-25337"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-12T23:16:07Z",
"severity": "MODERATE"
},
"details": "OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.",
"id": "GHSA-v5m9-phxh-m6wj",
"modified": "2026-02-13T00:32:52Z",
"published": "2026-02-13T00:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25337"
},
{
"type": "WEB",
"url": "https://ftp.icm.edu.pl/packages/owncloud"
},
{
"type": "WEB",
"url": "https://owncloud.org"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/47745"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/owncloud-username-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-V5P4-QXG5-3JH2
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
{
"affected": [],
"aliases": [
"CVE-2021-34580"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T11:15:00Z",
"severity": "HIGH"
},
"details": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.",
"id": "GHSA-v5p4-qxg5-3jh2",
"modified": "2022-05-24T19:18:58Z",
"published": "2022-05-24T19:18:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34580"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2021-037"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V893-Q2RG-WWFX
Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2022-05-13 01:47WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.
{
"affected": [],
"aliases": [
"CVE-2017-8055"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-22T22:59:00Z",
"severity": "MODERATE"
},
"details": "WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.",
"id": "GHSA-v893-q2rg-wwfx",
"modified": "2022-05-13T01:47:15Z",
"published": "2022-05-13T01:47:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8055"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt"
},
{
"type": "WEB",
"url": "https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia"
},
{
"type": "WEB",
"url": "https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html"
},
{
"type": "WEB",
"url": "http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues\u0026SFDCID=kA62A0000000KlGSAU"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V8JC-H92C-W33G
Vulnerability from github – Published: 2023-09-20 03:30 – Updated: 2024-01-25 21:32NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2023-25529"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-20T01:15:53Z",
"severity": "HIGH"
},
"details": "NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user\u2019s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.",
"id": "GHSA-v8jc-h92c-w33g",
"modified": "2024-01-25T21:32:12Z",
"published": "2023-09-20T03:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25529"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5473"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V9C8-GCWH-7XVH
Vulnerability from github – Published: 2023-05-08 21:31 – Updated: 2024-04-04 03:51This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data
{
"affected": [],
"aliases": [
"CVE-2023-27931"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-08T20:15:17Z",
"severity": "MODERATE"
},
"details": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data",
"id": "GHSA-v9c8-gcwh-7xvh",
"modified": "2024-04-04T03:51:38Z",
"published": "2023-05-08T21:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27931"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213603"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213604"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213674"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213676"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213678"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213603"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213604"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V9PP-GJXR-78JP
Vulnerability from github – Published: 2024-11-11 00:30 – Updated: 2024-11-26 18:38Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack.
{
"affected": [],
"aliases": [
"CVE-2020-10369"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-10T23:15:04Z",
"severity": "MODERATE"
},
"details": "Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a \"Spectra\" attack.",
"id": "GHSA-v9pp-gjxr-78jp",
"modified": "2024-11-26T18:38:51Z",
"published": "2024-11-11T00:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10369"
},
{
"type": "WEB",
"url": "https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052676"
},
{
"type": "WEB",
"url": "https://www.informatik.tu-darmstadt.de/fb20/aktuelles_fb20/fb20_neuigkeiten/neuigkeiten_fb20_details_203136.de.jsp"
},
{
"type": "WEB",
"url": "https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/jiska_classen/index.en.jsp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.