Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-GG57-587F-H5V6

Vulnerability from github – Published: 2023-12-28 18:30 – Updated: 2024-11-18 16:26
VLAI
Summary
Infinispan caches credentials in clear text
Details

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-commons"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-commons"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-hotrod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-hotrod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-client-hotrod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-client-hotrod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-jdbc-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-jdbc-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-remote"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-remote"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-sql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-sql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-jdbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0.0.Dev01"
            },
            {
              "fixed": "15.0.0.Dev07"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.infinispan:infinispan-cachestore-jdbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.25.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-5384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-16T22:00:09Z",
    "nvd_published_at": "2023-12-18T14:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.",
  "id": "GHSA-gg57-587f-h5v6",
  "modified": "2024-11-18T16:26:33Z",
  "published": "2023-12-28T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5384"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/pull/11555"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/pull/11995"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/commit/7140fc9b026ec55786c1aa78bb3cd8bf951fad47"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/commit/fd3e18ec3b1a4e7fcfd79392f5bf78792a2b8c61"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:7676"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5384"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/infinispan/infinispan"
    },
    {
      "type": "WEB",
      "url": "https://issues.redhat.com/browse/ISPN-15202"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240125-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Infinispan caches credentials in clear text"
}

GHSA-GH3X-QFRC-M238

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35
VLAI
Details

A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0089"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-18T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.",
  "id": "GHSA-gh3x-qfrc-m238",
  "modified": "2022-05-13T01:35:51Z",
  "published": "2022-05-13T01:35:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0089"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cps"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102758"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GH99-56QC-35CC

Vulnerability from github – Published: 2023-08-08 03:30 – Updated: 2024-04-04 06:37
VLAI
Details

In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T01:15:20Z",
    "severity": "MODERATE"
  },
  "details": "In SAP BusinessObjects Business Intelligence - version 420,  If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.\n\n",
  "id": "GHSA-gh99-56qc-35cc",
  "modified": "2024-04-04T06:37:36Z",
  "published": "2023-08-08T03:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39440"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3312586"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHCF-VJ3J-R9V5

Vulnerability from github – Published: 2025-03-18 12:30 – Updated: 2025-03-18 12:30
VLAI
Details

A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T11:15:38Z",
    "severity": "HIGH"
  },
  "details": "A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.",
  "id": "GHSA-ghcf-vj3j-r9v5",
  "modified": "2025-03-18T12:30:48Z",
  "published": "2025-03-18T12:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23942"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2024-010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHMH-JHMJ-WCMF

Vulnerability from github – Published: 2026-06-22 22:57 – Updated: 2026-06-22 22:57
VLAI
Summary
nebula-mesh's stores enrollment tokens unhashed in SQLite
Details

internal/store/sqlite.go:1177,1192,1221,1245 — the enrollment_tokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operator_api_keys.key_hash, which is SHA-256 hex (constructed in internal/api/middleware.go:51-53).

Affected

All released versions up to v0.3.0.

Threat model

Read access to nebula-mgmt.db: backup, snapshot, file-system access, future SQL-injection sink. The principle of defense-in-depth: API keys are hashed at rest; enrollment tokens — which grant the same lifecycle authority over a host's identity — are not.

An attacker who reads the DB before a legitimate agent enrolls can consume the single-use token first, mint a cert against their own keypair, and take the agent's intended Nebula identity.

Suggested fix

  1. Schema migration: rename enrollment_tokens.tokentoken_hash (or add the new column and drop the old after backfill of pending rows).
  2. Store SHA-256 of token on create: go sum := sha256.Sum256([]byte(token)) row.TokenHash = hex.EncodeToString(sum[:])
  3. ConsumeToken accepts the raw token, hashes once, looks up by hash, atomically marks consumed.

Side bonus: take this opportunity to switch the token format from uuid.New().String() (122 bits) to hex.EncodeToString(crypto/rand 32 bytes) (256 bits), matching the project's session-token and API-key conventions. UUIDs are recognisable in logs and crash dumps; opaque hex blends in.

TOTP recovery codes appear to already be SHA-256 hashed at rest (internal/web/totp.go:74-78) — confirming that pattern is intentional elsewhere, just missed here.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.3.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/juev/nebula-mesh"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T22:57:27Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "`internal/store/sqlite.go:1177,1192,1221,1245` \u2014 the `enrollment_tokens.token` column holds the raw UUID token. `ConsumeToken` does `WHERE token = ?` against the raw string. Compare with `operator_api_keys.key_hash`, which is SHA-256 hex (constructed in `internal/api/middleware.go:51-53`).\n\n## Affected\nAll released versions up to v0.3.0.\n\n## Threat model\nRead access to `nebula-mgmt.db`: backup, snapshot, file-system access, future SQL-injection sink. The principle of defense-in-depth: API keys are hashed at rest; enrollment tokens \u2014 which grant the same lifecycle authority over a host\u0027s identity \u2014 are not.\n\nAn attacker who reads the DB before a legitimate agent enrolls can consume the single-use token first, mint a cert against their own keypair, and take the agent\u0027s intended Nebula identity.\n\n## Suggested fix\n1. Schema migration: rename `enrollment_tokens.token` \u2192 `token_hash` (or add the new column and drop the old after backfill of pending rows).\n2. Store SHA-256 of token on create:\n   ```go\n   sum := sha256.Sum256([]byte(token))\n   row.TokenHash = hex.EncodeToString(sum[:])\n   ```\n3. `ConsumeToken` accepts the raw token, hashes once, looks up by hash, atomically marks consumed.\n\nSide bonus: take this opportunity to switch the token format from `uuid.New().String()` (122 bits) to `hex.EncodeToString(crypto/rand 32 bytes)` (256 bits), matching the project\u0027s session-token and API-key conventions. UUIDs are recognisable in logs and crash dumps; opaque hex blends in.\n\nTOTP recovery codes appear to already be SHA-256 hashed at rest (`internal/web/totp.go:74-78`) \u2014 confirming that pattern is intentional elsewhere, just missed here.",
  "id": "GHSA-ghmh-jhmj-wcmf",
  "modified": "2026-06-22T22:57:27Z",
  "published": "2026-06-22T22:57:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/juev/nebula-mesh/security/advisories/GHSA-ghmh-jhmj-wcmf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/juev/nebula-mesh"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "nebula-mesh\u0027s stores enrollment tokens unhashed in SQLite"
}

GHSA-GJ49-89WH-H4GJ

Vulnerability from github – Published: 2026-04-25 23:39 – Updated: 2026-05-13 13:37
VLAI
Summary
Cillium exposes sensitive information included in the cilium-bugtool debug archive
Details

Impact

The output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled.

Users of WireGuard Transparent Encryption are affected. The sensitive data is the WireGuard private key (cilium_wg0.key) used for node-to-node encrypted communication

cilium-bugtool is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. It is also invoked when gathering sysdumps using the Cilium CLI's cilium sysdump command.

Patches

This issue affects:

  • Cilium v1.19 between v1.19.0 and v1.19.2 inclusive
  • Cilium v1.18 between v1.18.0 and v1.18.8 inclusive
  • All versions of Cilium prior to v1.17.15

This issue has been patched in:

  • Cilium v1.19.3
  • Cilium v1.18.9
  • Cilium v1.17.15

Workarounds

There is no workaround to this issue.

Users who have previously shared bugtool or sysdump archives from WireGuard-enabled nodes should rotate the WireGuard keys on the affected nodes. This can be done by deleting the key file and restarting the Cilium agent, which will generate a new key pair.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Cillium extends special thanks to @kodareef5 for reporting the issue and @tklauser for their work on triaging and remediating this issue.

For more information

If there are any questions or comments about this advisory, please reach out on Slack.

Cilium strongly encourages the reporting of suspected vulnerabilities to the security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and the report will be treated as top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.17.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.18.0"
            },
            {
              "fixed": "1.18.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.19.0"
            },
            {
              "fixed": "1.19.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-25T23:39:37Z",
    "nvd_published_at": "2026-05-08T23:16:35Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe output of `cilium-bugtool` can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled.\n\nUsers of [WireGuard Transparent Encryption](https://docs.cilium.io/en/stable/security/network/encryption-wireguard/) are affected.\nThe sensitive data is  the WireGuard private key (`cilium_wg0.key`) used for node-to-node encrypted communication\n\n`cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. It is also invoked when gathering sysdumps using the Cilium CLI\u0027s `cilium sysdump` command.\n\n### Patches\nThis issue affects:\n\n- Cilium v1.19 between v1.19.0 and v1.19.2 inclusive\n- Cilium v1.18 between v1.18.0 and v1.18.8 inclusive\n- All versions of Cilium prior to v1.17.15\n\nThis issue has been patched in:\n\n- Cilium v1.19.3\n- Cilium v1.18.9\n- Cilium v1.17.15\n\n\n### Workarounds\nThere is no workaround to this issue.\n\nUsers who have previously shared bugtool or sysdump archives from WireGuard-enabled nodes should rotate the WireGuard keys on the affected nodes. This can be done by deleting the key file and restarting the Cilium agent, which will generate a new key pair.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Cillium extends special thanks to @kodareef5  for reporting the issue and  @tklauser for their work on triaging and remediating this issue.\n\n### For more information\n\nIf there are any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/).\n\nCilium strongly encourages the reporting of suspected vulnerabilities to the security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and the report will be treated as top priority.",
  "id": "GHSA-gj49-89wh-h4gj",
  "modified": "2026-05-13T13:37:56Z",
  "published": "2026-04-25T23:39:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41520"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/releases/tag/v1.17.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/releases/tag/v1.18.9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/releases/tag/v1.19.3"
    },
    {
      "type": "WEB",
      "url": "http://docs.cilium.io/en/stable/security/network/encryption-wireguard"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cillium exposes sensitive information included in the cilium-bugtool debug archive"
}

GHSA-GM3P-CXXM-PHR6

Vulnerability from github – Published: 2024-03-20 15:32 – Updated: 2024-08-03 21:30
VLAI
Details

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-20T05:15:45Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.",
  "id": "GHSA-gm3p-cxxm-phr6",
  "modified": "2024-08-03T21:30:33Z",
  "published": "2024-03-20T15:32:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22084"
    },
    {
      "type": "WEB",
      "url": "https://www.elspec-ltd.com/support/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GMXW-F223-9JX2

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI
Details

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-5537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-03T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.",
  "id": "GHSA-gmxw-f223-9jx2",
  "modified": "2022-05-13T01:04:06Z",
  "published": "2022-05-13T01:04:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5537"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033022"
    },
    {
      "type": "WEB",
      "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GQ57-6X2P-WRX3

Vulnerability from github – Published: 2025-02-14 06:30 – Updated: 2025-08-26 21:31
VLAI
Details

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-14T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a \u201csupportsave\u201d or getting access to an \nalready collected \u201csupportsave\u201d. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952",
  "id": "GHSA-gq57-6x2p-wrx3",
  "modified": "2025-08-26T21:31:05Z",
  "published": "2025-02-14T06:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10404"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQM3-6H45-Q66X

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2024-02-10 03:30
VLAI
Details

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2001-1536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.",
  "id": "GHSA-gqm3-6h45-q66x",
  "modified": "2024-02-10T03:30:17Z",
  "published": "2022-04-30T18:18:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1536"
    },
    {
      "type": "WEB",
      "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0225.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/7621.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3587"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.