CWE-312
AllowedCleartext Storage of Sensitive Information
Abstraction: Base · Status: Draft
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
1017 vulnerabilities reference this CWE, most recent first.
GHSA-M43G-M425-P68X
Vulnerability from github – Published: 2025-07-01 22:59 – Updated: 2025-07-01 22:59Summary
This vulnerability affects JUnit's support for writing Open Test Reporting XML files which is an opt-in feature of junit-platform-reporting.
If a repository is cloned using a GitHub token or other credentials in its URL, for example:
git clone https://${GH_APP}:${GH_TOKEN}@github.com/example/example.git
The credentials are captured by OpenTestReportGeneratingListener which produces (trimmed for brevity):
<infrastructure>
<git:repository originUrl="https://username:token@github.com/example/example.git" />
</infrastructure>
Details
https://github.com/junit-team/junit5/blob/6b7764dac92fd35cb348152d1b37f8726875a4e0/junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java#L183
I think this should be configurable in some way to exclude select git information or exclude it entirely.
PoC
- Clone a repo using a GitHub token as shown above.
- Enable the listener
junit.platform.reporting.open.xml.enabled=true - Observe report captures credentials
Impact
Depending on the level of access of the token, it can be nothing, limited, or everything.
If these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app.
Resolution
JUnit 5.13.2 and later replace credentials in the URL with ***. Moreover, including any Git metadata in the XML output is now an opt-in feature that can be enabled via the new junit.platform.reporting.open.xml.git.enabled=true configuration parameter but is not included by default.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.13.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.junit.platform:junit-platform-reporting"
},
"ranges": [
{
"events": [
{
"introduced": "5.12.0"
},
{
"fixed": "5.13.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53103"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-01T22:59:43Z",
"nvd_published_at": "2025-07-01T18:15:25Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nThis vulnerability affects JUnit\u0027s support for writing Open Test Reporting XML files which is an opt-in feature of `junit-platform-reporting`.\n\nIf a repository is cloned using a GitHub token or other credentials in its URL, for example:\n\n```bash\ngit clone https://${GH_APP}:${GH_TOKEN}@github.com/example/example.git\n```\n\nThe credentials are captured by `OpenTestReportGeneratingListener` which produces (trimmed for brevity):\n\n```xml\n\u003cinfrastructure\u003e\n \u003cgit:repository originUrl=\"https://username:token@github.com/example/example.git\" /\u003e\n\u003c/infrastructure\u003e\n```\n\n### Details\n\nhttps://github.com/junit-team/junit5/blob/6b7764dac92fd35cb348152d1b37f8726875a4e0/junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java#L183\n\nI think this should be configurable in some way to exclude select git information or exclude it entirely.\n\n### PoC\n\n1. Clone a repo using a GitHub token as shown above.\n2. Enable the listener `junit.platform.reporting.open.xml.enabled=true`\n3. Observe report captures credentials\n\n### Impact\n\nDepending on the level of access of the token, it can be nothing, limited, or everything.\n\nIf these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app.\n\n### Resolution\n\nJUnit 5.13.2 and later replace credentials in the URL with `***`. Moreover, including any Git metadata in the XML output is now an opt-in feature that can be enabled via the new `junit.platform.reporting.open.xml.git.enabled=true` configuration parameter but is not included by default.",
"id": "GHSA-m43g-m425-p68x",
"modified": "2025-07-01T22:59:43Z",
"published": "2025-07-01T22:59:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/junit-team/junit-framework/security/advisories/GHSA-m43g-m425-p68x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53103"
},
{
"type": "WEB",
"url": "https://github.com/junit-team/junit-framework/commit/d4fc834c8c1c0b3168cd030c13551d1d041f51bc"
},
{
"type": "PACKAGE",
"url": "https://github.com/junit-team/junit-framework"
},
{
"type": "WEB",
"url": "https://github.com/junit-team/junit-framework/blob/6b7764dac92fd35cb348152d1b37f8726875a4e0/junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java#L183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener "
}
GHSA-M4F3-XVJ4-9R9F
Vulnerability from github – Published: 2023-06-21 18:31 – Updated: 2024-04-04 04:59An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
{
"affected": [],
"aliases": [
"CVE-2023-27243"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-21T16:15:11Z",
"severity": "HIGH"
},
"details": "An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.",
"id": "GHSA-m4f3-xvj4-9r9f",
"modified": "2024-04-04T04:59:21Z",
"published": "2023-06-21T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27243"
},
{
"type": "WEB",
"url": "https://pastebin.com/L5BkBeEE"
},
{
"type": "WEB",
"url": "http://dcap.com"
},
{
"type": "WEB",
"url": "http://makves.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M4WH-848J-9W2R
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-10-07 21:52A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "katello"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0.0"
},
{
"fixed": "3.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-14825"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-07T21:52:28Z",
"nvd_published_at": "2019-11-25T16:15:00Z",
"severity": "LOW"
},
"details": "A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.",
"id": "GHSA-m4wh-848j-9w2r",
"modified": "2022-10-07T21:52:28Z",
"published": "2022-05-24T17:01:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14825"
},
{
"type": "WEB",
"url": "https://github.com/Katello/katello/pull/8244"
},
{
"type": "WEB",
"url": "https://github.com/Katello/katello/pull/8253"
},
{
"type": "WEB",
"url": "https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79"
},
{
"type": "WEB",
"url": "https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3172"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2019-14825"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730668"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739485"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825"
},
{
"type": "PACKAGE",
"url": "https://github.com/Katello/katello"
},
{
"type": "WEB",
"url": "https://github.com/Katello/katello/commits/3.12.2"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml"
},
{
"type": "WEB",
"url": "https://projects.theforeman.org/issues/27485"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Katello cleartext password storage issue"
}
GHSA-M6MC-JPFQ-VW85
Vulnerability from github – Published: 2026-01-23 12:30 – Updated: 2026-01-23 12:30Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-22276"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T10:15:53Z",
"severity": "MODERATE"
},
"details": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
"id": "GHSA-m6mc-jpfq-vw85",
"modified": "2026-01-23T12:30:28Z",
"published": "2026-01-23T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22276"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M73W-F4GH-H9G2
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-11-25 06:34An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.
{
"affected": [],
"aliases": [
"CVE-2024-4840"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:45:17Z",
"severity": "MODERATE"
},
"details": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.",
"id": "GHSA-m73w-f4gh-h9g2",
"modified": "2024-11-25T06:34:57Z",
"published": "2024-05-14T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9978"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-4840"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M797-G8F3-8VQ7
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.
{
"affected": [],
"aliases": [
"CVE-2020-15384"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T16:15:00Z",
"severity": "MODERATE"
},
"details": "Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.",
"id": "GHSA-m797-g8f3-8vq7",
"modified": "2022-05-24T19:04:32Z",
"published": "2022-05-24T19:04:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15384"
},
{
"type": "WEB",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1485"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M84G-FPM8-MQG8
Vulnerability from github – Published: 2026-02-24 18:31 – Updated: 2026-02-24 18:31Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.
{
"affected": [],
"aliases": [
"CVE-2026-27520"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-24T16:24:09Z",
"severity": "HIGH"
},
"details": "Binardat 10G08-0800GSM network switch firmware versions prior to\u00a0V300SP10260209\u00a0store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.",
"id": "GHSA-m84g-fpm8-mqg8",
"modified": "2026-02-24T18:31:02Z",
"published": "2026-02-24T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27520"
},
{
"type": "WEB",
"url": "https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-base64-encoded-password-stored-in-cookie"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M8GR-4MC5-GM9V
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.
{
"affected": [],
"aliases": [
"CVE-2018-17489"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T16:00:00Z",
"severity": "MODERATE"
},
"details": "EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.",
"id": "GHSA-m8gr-4mc5-gm9v",
"modified": "2022-05-13T01:34:03Z",
"published": "2022-05-13T01:34:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17489"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149649"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M9WG-W5MF-5PW9
Vulnerability from github – Published: 2024-12-09 18:31 – Updated: 2024-12-11 18:30Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
{
"affected": [],
"aliases": [
"CVE-2024-40582"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-09T16:15:22Z",
"severity": "HIGH"
},
"details": "Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.",
"id": "GHSA-m9wg-w5mf-5pw9",
"modified": "2024-12-11T18:30:41Z",
"published": "2024-12-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40582"
},
{
"type": "WEB",
"url": "https://medium.com/@vishnuchttrj/exploiting-vms-vulnerabilities-to-access-confidential-data-cve-2024-40582-cve-2024-40583-60d957933b78"
},
{
"type": "WEB",
"url": "http://curovms.com"
},
{
"type": "WEB",
"url": "http://pentaminds.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MCMJ-Q426-5FCX
Vulnerability from github – Published: 2025-04-01 06:30 – Updated: 2025-04-01 06:30Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
{
"affected": [],
"aliases": [
"CVE-2025-0418"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T04:15:39Z",
"severity": "MODERATE"
},
"details": "Valmet DNA user passwords in plain text.\u00a0This practice poses a security risk as attackers who gain access to local project data can read the passwords.",
"id": "GHSA-mcmj-q426-5fcx",
"modified": "2025-04-01T06:30:44Z",
"published": "2025-04-01T06:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0418"
},
{
"type": "WEB",
"url": "https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:D/RE:L/U:Green",
"type": "CVSS_V4"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.