CWE-312
AllowedCleartext Storage of Sensitive Information
Abstraction: Base · Status: Draft
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
1017 vulnerabilities reference this CWE, most recent first.
GHSA-74F7-FGMV-4C5M
Vulnerability from github – Published: 2023-01-31 00:30 – Updated: 2023-02-08 15:30On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.
{
"affected": [],
"aliases": [
"CVE-2022-45897"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-31T00:15:00Z",
"severity": "MODERATE"
},
"details": "On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.",
"id": "GHSA-74f7-fgmv-4c5m",
"modified": "2023-02-08T15:30:32Z",
"published": "2023-01-31T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45897"
},
{
"type": "WEB",
"url": "https://Xerox.com"
},
{
"type": "WEB",
"url": "https://gist.github.com/waffl3ss/eb61d38b5c44131d3586578002c63640#file-cve-2022-45897"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-752M-78X6-Q552
Vulnerability from github – Published: 2025-08-13 18:31 – Updated: 2025-08-13 18:31A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output.
{
"affected": [],
"aliases": [
"CVE-2025-2181"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T17:15:27Z",
"severity": "MODERATE"
},
"details": "A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma\u00ae Cloud can result in the cleartext exposure of\u00a0Prisma Cloud access keys in Checkov\u0027s output.",
"id": "GHSA-752m-78x6-q552",
"modified": "2025-08-13T18:31:24Z",
"published": "2025-08-13T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2181"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-2181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-757G-M98V-6R49
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-10-27 15:43Jenkins Sofy.AI Plugin stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
As of publication of this advisory there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.jenkins.plugins:sofy-ai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10447"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-27T15:43:23Z",
"nvd_published_at": "2019-10-16T14:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins Sofy.AI Plugin stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system.\n\nAs of publication of this advisory there is no fix.",
"id": "GHSA-757g-m98v-6r49",
"modified": "2023-10-27T15:43:23Z",
"published": "2022-05-24T16:58:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10447"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1431"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Sofy.AI Plugin stores API token in plain text "
}
GHSA-75RP-WJF6-546R
Vulnerability from github – Published: 2025-08-13 18:31 – Updated: 2025-08-13 18:31A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.
{
"affected": [],
"aliases": [
"CVE-2025-2182"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T17:15:27Z",
"severity": "MODERATE"
},
"details": "A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS\u00ae results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster.\nA user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec.",
"id": "GHSA-75rp-wjf6-546r",
"modified": "2025-08-13T18:31:24Z",
"published": "2025-08-13T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2182"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2025-2182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-75XC-P7X5-2RWX
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
{
"affected": [],
"aliases": [
"CVE-2020-23249"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-05T22:15:00Z",
"severity": "MODERATE"
},
"details": "GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.",
"id": "GHSA-75xc-p7x5-2rwx",
"modified": "2022-05-24T17:37:59Z",
"published": "2022-05-24T17:37:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23249"
},
{
"type": "WEB",
"url": "https://community.gigamon.com/gigamoncp/s/article/Field-Notice-Gigamon-addressing-multiple-vulnerabilities-in-GigaVUE-OS"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7674-88WR-2FM6
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.
{
"affected": [],
"aliases": [
"CVE-2021-20408"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-12T17:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.",
"id": "GHSA-7674-88wr-2fm6",
"modified": "2022-05-24T17:42:03Z",
"published": "2022-05-24T17:42:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20408"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196187"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6414767"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-778X-386C-73GW
Vulnerability from github – Published: 2021-12-30 00:00 – Updated: 2022-01-08 00:00A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.
{
"affected": [],
"aliases": [
"CVE-2021-35035"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-29T13:15:00Z",
"severity": "MODERATE"
},
"details": "A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file.",
"id": "GHSA-778x-386c-73gw",
"modified": "2022-01-08T00:00:41Z",
"published": "2021-12-30T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35035"
},
{
"type": "WEB",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_sensitive_information_vulnerabilities_of_NBG6604_home_router.shtml"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-785W-M3XW-JFP8
Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2024-04-04 02:40An attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
{
"affected": [],
"aliases": [
"CVE-2019-14890"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-26T07:15:00Z",
"severity": "HIGH"
},
"details": "An attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at \u0027/api/v2/config\u0027 when applying the Ansible Tower license.",
"id": "GHSA-785w-m3xw-jfp8",
"modified": "2024-04-04T02:40:46Z",
"published": "2022-05-24T17:02:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14890"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14890"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-796M-4RJR-9MVW
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.
{
"affected": [],
"aliases": [
"CVE-2019-4738"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-10T23:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.",
"id": "GHSA-796m-4rjr-9mvw",
"modified": "2022-05-24T17:35:59Z",
"published": "2022-05-24T17:35:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4738"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172753"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6380390"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7CP5-XC65-XX7H
Vulnerability from github – Published: 2023-06-15 03:30 – Updated: 2024-04-04 04:51IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.
{
"affected": [],
"aliases": [
"CVE-2022-33159"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-15T02:15:09Z",
"severity": "MODERATE"
},
"details": "IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.",
"id": "GHSA-7cp5-xc65-xx7h",
"modified": "2024-04-04T04:51:34Z",
"published": "2023-06-15T03:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33159"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228567"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7001693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.