Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-3WG5-X88W-52FJ

Vulnerability from github – Published: 2024-10-09 18:31 – Updated: 2024-10-17 06:30
VLAI
Details

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T17:15:20Z",
    "severity": "HIGH"
  },
  "details": "A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.",
  "id": "GHSA-3wg5-x88w-52fj",
  "modified": "2024-10-17T06:30:32Z",
  "published": "2024-10-09T18:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9466"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3X9H-3P7M-33M7

Vulnerability from github – Published: 2022-05-17 04:56 – Updated: 2025-03-13 19:18
VLAI
Summary
Jenkins SonarQube Plugin Stores Passwords in Cleartext
Details

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:sonar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-5676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-13T19:18:38Z",
    "nvd_published_at": "2013-12-13T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.",
  "id": "GHSA-3x9h-3p7m-33m7",
  "modified": "2025-03-13T19:18:38Z",
  "published": "2022-05-17T04:56:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5676"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/sonarqube-plugin"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2013/Dec/37"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Jenkins SonarQube Plugin Stores Passwords in Cleartext"
}

GHSA-3X9J-7F53-54F5

Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2024-12-05 15:31
VLAI
Details

This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12094"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T13:15:05Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number.",
  "id": "GHSA-3x9j-7f53-54f5",
  "modified": "2024-12-05T15:31:01Z",
  "published": "2024-12-05T15:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12094"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0355"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-42WF-QRFC-C5M5

Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2024-01-09 12:30
VLAI
Details

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a log file that stores login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-313"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T20:15:00Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a log file that stores login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.",
  "id": "GHSA-42wf-qrfc-c5m5",
  "modified": "2024-01-09T12:30:35Z",
  "published": "2022-05-24T17:10:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19291"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4328-WGFC-675C

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37
VLAI
Details

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-28T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.",
  "id": "GHSA-4328-wgfc-675c",
  "modified": "2022-05-24T17:37:22Z",
  "published": "2022-05-24T17:37:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13473"
    },
    {
      "type": "WEB",
      "url": "https://cvewalkthrough.com/cve-2020-13473-nch-account-clear-text-password-storage"
    },
    {
      "type": "WEB",
      "url": "https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13473-nch-account-clear-text.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4332-PV86-8249

Vulnerability from github – Published: 2025-10-10 09:30 – Updated: 2025-10-10 09:30
VLAI
Details

Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-10T07:15:42Z",
    "severity": "HIGH"
  },
  "details": "Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.",
  "id": "GHSA-4332-pv86-8249",
  "modified": "2025-10-10T09:30:48Z",
  "published": "2025-10-10T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21061"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-433P-QQ24-G8Q3

Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31
VLAI
Details

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-24T03:15:33Z",
    "severity": "LOW"
  },
  "details": "Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering.",
  "id": "GHSA-433p-qq24-g8q3",
  "modified": "2025-06-26T21:31:04Z",
  "published": "2025-06-26T21:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48463"
    },
    {
      "type": "WEB",
      "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43CG-C28C-82HQ

Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2022-10-01 00:00
VLAI
Details

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-1931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-29T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.",
  "id": "GHSA-43cg-c28c-82hq",
  "modified": "2022-10-01T00:00:26Z",
  "published": "2022-09-30T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1931"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962302"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75985"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43MV-F787-VP98

Vulnerability from github – Published: 2022-05-01 23:41 – Updated: 2024-02-14 18:30
VLAI
Details

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-1567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-31T22:44:00Z",
    "severity": "LOW"
  },
  "details": "phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.",
  "id": "GHSA-43mv-f787-vp98",
  "modified": "2024-02-14T18:30:23Z",
  "published": "2022-05-01T23:41:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1567"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41541"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29588"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29613"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29964"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30816"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32834"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33822"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1909711\u0026group_id=23067\u0026atid=377408"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1557"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:131"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28560"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1037/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45HR-8GQ6-7F7F

Vulnerability from github – Published: 2025-07-09 18:30 – Updated: 2025-11-05 20:02
VLAI
Summary
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Details

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:nouvola-divecloud"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.08"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-09T21:44:10Z",
    "nvd_published_at": "2025-07-09T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.",
  "id": "GHSA-45hr-8gq6-7f7f",
  "modified": "2025-11-05T20:02:20Z",
  "published": "2025-07-09T18:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53670"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/nouvola-divecloud-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3526"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/09/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials"
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.