CWE-213
AllowedExposure of Sensitive Information Due to Incompatible Policies
Abstraction: Base · Status: Draft
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
51 vulnerabilities reference this CWE, most recent first.
GHSA-7563-75J9-6H5P
Vulnerability from github – Published: 2022-03-14 22:26 – Updated: 2022-03-15 21:47Impact
Any other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, the potential attacker may use the back button to see the content exposed on given screens. No action may be performed though, and any website refresh will block further reads. It may, however, lead to a data leak, like for example customer details, payment gateway configuration, etc.- but only if these were pages checked by the administrator.
This vulnerability requires full access to the computer to take advantage of it.
Patches
The issue is fixed in versions: 1.9.10, 1.10.11, 1.11.2 and above.
Workarounds
The application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content (like no-store). It can be achieved with the following class:
<?php
declare(strict_types=1);
namespace App\EventListener;
use App\SectionResolver\ShopCustomerAccountSubSection;
use Sylius\Bundle\AdminBundle\SectionResolver\AdminSection;
use Sylius\Bundle\CoreBundle\SectionResolver\SectionProviderInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
final class CacheControlSubscriber implements EventSubscriberInterface
{
/** @var SectionProviderInterface */
private $sectionProvider;
public function __construct(SectionProviderInterface $sectionProvider)
{
$this->sectionProvider = $sectionProvider;
}
public static function getSubscribedEvents(): array
{
return [
KernelEvents::RESPONSE => 'setCacheControlDirectives',
];
}
public function setCacheControlDirectives(ResponseEvent $event): void
{
if (
!$this->sectionProvider->getSection() instanceof AdminSection &&
!$this->sectionProvider->getSection() instanceof ShopCustomerAccountSubSection
) {
return;
}
$response = $event->getResponse();
$response->headers->addCacheControlDirective('no-cache', true);
$response->headers->addCacheControlDirective('max-age', '0');
$response->headers->addCacheControlDirective('must-revalidate', true);
$response->headers->addCacheControlDirective('no-store', true);
}
}
After that register service in the container:
services:
App\EventListener\CacheControlSubscriber:
arguments: ['@sylius.section_resolver.uri_based_section_resolver']
tags:
- { name: kernel.event_subscriber, event: kernel.response }
The code above requires changes in ShopUriBasedSectionResolver in order to work. To backport mentioned logic, you need to replace the Sylius\Bundle\ShopBundle\SectionResolver\ShopUriBasedSectionResolver class with:
<?php
declare(strict_types=1);
namespace App\SectionResolver;
use Sylius\Bundle\CoreBundle\SectionResolver\SectionInterface;
use Sylius\Bundle\CoreBundle\SectionResolver\UriBasedSectionResolverInterface;
use Sylius\Bundle\ShopBundle\SectionResolver\ShopSection;
final class ShopUriBasedSectionResolver implements UriBasedSectionResolverInterface
{
/** @var string */
private $shopCustomerAccountUri;
public function __construct(string $shopCustomerAccountUri = 'account')
{
$this->shopCustomerAccountUri = $shopCustomerAccountUri;
}
public function getSection(string $uri): SectionInterface
{
if (str_contains($uri, $this->shopCustomerAccountUri)) {
return new ShopCustomerAccountSubSection();
}
return new ShopSection();
}
}
services:
sylius.section_resolver.shop_uri_based_section_resolver:
class: App\SectionResolver\ShopUriBasedSectionResolver
tags:
- { name: sylius.uri_based_section_resolver, priority: -10 }
You also need to define a new subsection for the Customer Account that is used in the above services:
<?php
declare(strict_types=1);
namespace App\SectionResolver;
use Sylius\Bundle\ShopBundle\SectionResolver\ShopSection;
class ShopCustomerAccountSubSection extends ShopSection
{
}
References
- Originally published at https://huntr.dev/
For more information
If you have any questions or comments about this advisory: * Open an issue in Sylius issues * Email us at security@sylius.com
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/sylius"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/sylius"
},
"ranges": [
{
"events": [
{
"introduced": "1.10"
},
{
"fixed": "1.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/sylius"
},
"ranges": [
{
"events": [
{
"introduced": "1.11"
},
{
"fixed": "1.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24742"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-213",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-14T22:26:58Z",
"nvd_published_at": "2022-03-14T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAny other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, the potential attacker may use the back button to see the content exposed on given screens. No action may be performed though, and any website refresh will block further reads. It may, however, lead to a data leak, like for example customer details, payment gateway configuration, etc.- but only if these were pages checked by the administrator. \n\nThis vulnerability requires full access to the computer to take advantage of it.\n\n### Patches\nThe issue is fixed in versions: 1.9.10, 1.10.11, 1.11.2 and above.\n\n### Workarounds\nThe application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content (like no-store). It can be achieved with the following class:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\EventListener;\n\nuse App\\SectionResolver\\ShopCustomerAccountSubSection;\nuse Sylius\\Bundle\\AdminBundle\\SectionResolver\\AdminSection;\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\SectionProviderInterface;\nuse Symfony\\Component\\EventDispatcher\\EventSubscriberInterface;\nuse Symfony\\Component\\HttpKernel\\Event\\ResponseEvent;\nuse Symfony\\Component\\HttpKernel\\KernelEvents;\n\nfinal class CacheControlSubscriber implements EventSubscriberInterface\n{\n /** @var SectionProviderInterface */\n private $sectionProvider;\n\n public function __construct(SectionProviderInterface $sectionProvider)\n {\n $this-\u003esectionProvider = $sectionProvider;\n }\n\n public static function getSubscribedEvents(): array\n {\n return [\n KernelEvents::RESPONSE =\u003e \u0027setCacheControlDirectives\u0027,\n ];\n }\n\n public function setCacheControlDirectives(ResponseEvent $event): void\n {\n if (\n !$this-\u003esectionProvider-\u003egetSection() instanceof AdminSection \u0026\u0026\n !$this-\u003esectionProvider-\u003egetSection() instanceof ShopCustomerAccountSubSection\n ) {\n return;\n }\n\n $response = $event-\u003egetResponse();\n\n $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027no-cache\u0027, true);\n $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027max-age\u0027, \u00270\u0027);\n $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027must-revalidate\u0027, true);\n $response-\u003eheaders-\u003eaddCacheControlDirective(\u0027no-store\u0027, true);\n }\n}\n```\n\nAfter that register service in the container:\n\n```yaml\nservices:\n App\\EventListener\\CacheControlSubscriber:\n arguments: [\u0027@sylius.section_resolver.uri_based_section_resolver\u0027]\n tags:\n - { name: kernel.event_subscriber, event: kernel.response }\n```\n\nThe code above requires changes in `ShopUriBasedSectionResolver` in order to work. To backport mentioned logic, you need to replace the `Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopUriBasedSectionResolver` class with:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\SectionResolver;\n\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\SectionInterface;\nuse Sylius\\Bundle\\CoreBundle\\SectionResolver\\UriBasedSectionResolverInterface;\nuse Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopSection;\n\nfinal class ShopUriBasedSectionResolver implements UriBasedSectionResolverInterface\n{\n /** @var string */\n private $shopCustomerAccountUri;\n\n public function __construct(string $shopCustomerAccountUri = \u0027account\u0027)\n {\n $this-\u003eshopCustomerAccountUri = $shopCustomerAccountUri;\n }\n\n public function getSection(string $uri): SectionInterface\n {\n if (str_contains($uri, $this-\u003eshopCustomerAccountUri)) {\n return new ShopCustomerAccountSubSection();\n }\n\n return new ShopSection();\n }\n}\n```\n\n```yaml\nservices:\n sylius.section_resolver.shop_uri_based_section_resolver:\n class: App\\SectionResolver\\ShopUriBasedSectionResolver\n tags:\n - { name: sylius.uri_based_section_resolver, priority: -10 }\n```\n\nYou also need to define a new subsection for the Customer Account that is used in the above services:\n\n```php\n\u003c?php\n\ndeclare(strict_types=1);\n\nnamespace App\\SectionResolver;\n\nuse Sylius\\Bundle\\ShopBundle\\SectionResolver\\ShopSection;\n\nclass ShopCustomerAccountSubSection extends ShopSection\n{\n}\n```\n\n### References\n* Originally published at https://huntr.dev/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues)\n* Email us at security@sylius.com\n",
"id": "GHSA-7563-75j9-6h5p",
"modified": "2022-03-15T21:47:08Z",
"published": "2022-03-14T22:26:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24742"
},
{
"type": "PACKAGE",
"url": "https://github.com/Sylius/Sylius"
},
{
"type": "WEB",
"url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
},
{
"type": "WEB",
"url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
},
{
"type": "WEB",
"url": "https://github.com/Sylius/Sylius/releases/tag/v1.9.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Sensitive Information Exposure in Sylius"
}
GHSA-7CH3-7PP7-7CPQ
Vulnerability from github – Published: 2023-08-22 18:06 – Updated: 2026-06-09 13:12Impact
This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords.
The /-/api API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user.
Patches
Datasette 1.0a4 has a fix for this issue.
Workarounds
To work around this issue, block all traffic to the /-/api endpoint. This can be done with a proxy such as Apache or NGINX, or by installing the datasette-block plugin and adding the following configuration to your metadata.json or metadata.yml file:
{
"plugins": {
"datasette-block": {
"prefixes": ["/-/api"]
}
}
}
This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette /database hierarchy.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "datasette"
},
"ranges": [
{
"events": [
{
"introduced": "1.0a0"
},
{
"fixed": "1.0a4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-40570"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-213"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-22T18:06:46Z",
"nvd_published_at": "2023-08-25T01:15:09Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThis bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords).\n\nThe `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user.\n\n### Patches\n\nDatasette 1.0a4 has a fix for this issue.\n\n### Workarounds\n\nTo work around this issue, block all traffic to the `/-/api` endpoint. This can be done with a proxy such as Apache or NGINX, or by installing the [datasette-block](https://datasette.io/plugins/datasette-block) plugin and adding the following configuration to your `metadata.json` or `metadata.yml` file:\n\n```json\n{\n \"plugins\": {\n \"datasette-block\": {\n \"prefixes\": [\"/-/api\"]\n }\n }\n}\n```\nThis will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy.",
"id": "GHSA-7ch3-7pp7-7cpq",
"modified": "2026-06-09T13:12:50Z",
"published": "2023-08-22T18:06:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40570"
},
{
"type": "WEB",
"url": "https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2023-154.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/simonw/datasette"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users"
}
GHSA-85X2-VG3F-PXWM
Vulnerability from github – Published: 2025-02-28 18:31 – Updated: 2025-02-28 18:31The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality.
{
"affected": [],
"aliases": [
"CVE-2025-24316"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-28T17:15:16Z",
"severity": "MODERATE"
},
"details": "The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality.",
"id": "GHSA-85x2-vg3f-pxwm",
"modified": "2025-02-28T18:31:05Z",
"published": "2025-02-28T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24316"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01"
},
{
"type": "WEB",
"url": "https://www.dariohealth.com/contact"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-8PRJ-XXC7-GMJ9
Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:45A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.
{
"affected": [],
"aliases": [
"CVE-2023-27465"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T09:15:16Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIMOTION C240 (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION C240 PN (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D410-2 DP (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D410-2 DP/PN (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D425-2 DP (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D425-2 DP/PN (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D435-2 DP (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D435-2 DP/PN (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D445-2 DP/PN (All versions \u003e= V5.4), SIMOTION D445-2 DP/PN (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION D455-2 DP/PN (All versions \u003e= V5.4 \u003c V5.5 SP1), SIMOTION P320-4 E (All versions \u003e= V5.4), SIMOTION P320-4 S (All versions \u003e= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.",
"id": "GHSA-8prj-xxc7-gmj9",
"modified": "2024-04-04T04:45:36Z",
"published": "2023-06-13T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27465"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CQ2C-35GP-J9QC
Vulnerability from github – Published: 2024-08-07 12:31 – Updated: 2025-03-17 09:31Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6
{
"affected": [],
"aliases": [
"CVE-2024-7267"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-07T11:15:46Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive Information\u00a0vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials.\u00a0This issue affects EZD RP all versions before 19.6",
"id": "GHSA-cq2c-35gp-j9qc",
"modified": "2025-03-17T09:31:01Z",
"published": "2024-08-07T12:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7267"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/08/CVE-2024-7265"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/08/CVE-2023-7265"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/08/CVE-2024-7265"
},
{
"type": "WEB",
"url": "https://www.gov.pl/web/ezd-rp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:D/RE:L/U:Green",
"type": "CVSS_V4"
}
]
}
GHSA-F8J4-P5CR-P777
Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-04-17 12:39Impact
A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not use conditional decisions, there is no impact.
Patches
This issue has been resolved in version 0.6.0 of the permissions backend.
Workarounds
Administrators of the permission policies can ensure that they are crafted in such a way that conditional decisions do not contain any sensitive information.
References
If you have any questions or comments about this advisory:
Open an issue in the Backstage repository Visit our Discord, linked to in Backstage README
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@backstage/plugin-permission-backend"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32791"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-16T15:34:21Z",
"nvd_published_at": "2025-04-16T22:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission backend. If the permission system is not in use or if the installed permission policy does not use conditional decisions, there is no impact.\n\n### Patches\n\nThis issue has been resolved in version `0.6.0` of the permissions backend.\n\n### Workarounds\n\nAdministrators of the permission policies can ensure that they are crafted in such a way that conditional decisions do not contain any sensitive information.\n\n### References\n\nIf you have any questions or comments about this advisory:\n\nOpen an issue in the [Backstage repository](https://github.com/backstage/backstage)\nVisit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)",
"id": "GHSA-f8j4-p5cr-p777",
"modified": "2025-04-17T12:39:25Z",
"published": "2025-04-16T15:34:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-f8j4-p5cr-p777"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32791"
},
{
"type": "PACKAGE",
"url": "https://github.com/backstage/backstage"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Permission policy information leakage in Backstage permission system"
}
GHSA-FJM9-J6WV-MC7W
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access.
{
"affected": [],
"aliases": [
"CVE-2022-22541"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T17:15:00Z",
"severity": "MODERATE"
},
"details": "SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn\u0027t see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn\u0027t or don\u0027t need to have access.",
"id": "GHSA-fjm9-j6wv-mc7w",
"modified": "2022-04-21T00:00:55Z",
"published": "2022-04-13T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22541"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3137191"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J2MX-XC3V-GW3Q
Vulnerability from github – Published: 2024-10-01 12:30 – Updated: 2024-10-01 12:30An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.
{
"affected": [],
"aliases": [
"CVE-2023-3441"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-01T10:15:02Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.",
"id": "GHSA-j2mx-xc3v-gw3q",
"modified": "2024-10-01T12:30:30Z",
"published": "2024-10-01T12:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3441"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2033561"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2041385"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416482"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417284"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J73C-62CP-6VQJ
Vulnerability from github – Published: 2024-09-10 06:30 – Updated: 2024-09-10 06:30Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application
{
"affected": [],
"aliases": [
"CVE-2024-44121"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T05:15:11Z",
"severity": "MODERATE"
},
"details": "Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application",
"id": "GHSA-j73c-62cp-6vqj",
"modified": "2024-09-10T06:30:48Z",
"published": "2024-09-10T06:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44121"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3437585"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JMH6-3M65-QGMG
Vulnerability from github – Published: 2025-01-18 18:30 – Updated: 2025-01-18 18:30IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
{
"affected": [],
"aliases": [
"CVE-2024-49354"
],
"database_specific": {
"cwe_ids": [
"CWE-213"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-18T16:15:39Z",
"severity": "MODERATE"
},
"details": "IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.",
"id": "GHSA-jmh6-3m65-qgmg",
"modified": "2025-01-18T18:30:47Z",
"published": "2025-01-18T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49354"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7174120"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.