Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-M43G-M425-P68X

Vulnerability from github – Published: 2025-07-01 22:59 – Updated: 2025-07-01 22:59
VLAI
Summary
junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener
Details

Summary

This vulnerability affects JUnit's support for writing Open Test Reporting XML files which is an opt-in feature of junit-platform-reporting.

If a repository is cloned using a GitHub token or other credentials in its URL, for example:

git clone https://${GH_APP}:${GH_TOKEN}@github.com/example/example.git

The credentials are captured by OpenTestReportGeneratingListener which produces (trimmed for brevity):

<infrastructure>
    <git:repository originUrl="https://username:token@github.com/example/example.git" />
</infrastructure>

Details

https://github.com/junit-team/junit5/blob/6b7764dac92fd35cb348152d1b37f8726875a4e0/junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java#L183

I think this should be configurable in some way to exclude select git information or exclude it entirely.

PoC

  1. Clone a repo using a GitHub token as shown above.
  2. Enable the listener junit.platform.reporting.open.xml.enabled=true
  3. Observe report captures credentials

Impact

Depending on the level of access of the token, it can be nothing, limited, or everything.

If these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app.

Resolution

JUnit 5.13.2 and later replace credentials in the URL with ***. Moreover, including any Git metadata in the XML output is now an opt-in feature that can be enabled via the new junit.platform.reporting.open.xml.git.enabled=true configuration parameter but is not included by default.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.13.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.junit.platform:junit-platform-reporting"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.12.0"
            },
            {
              "fixed": "5.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-01T22:59:43Z",
    "nvd_published_at": "2025-07-01T18:15:25Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThis vulnerability affects JUnit\u0027s support for writing Open Test Reporting XML files which is an opt-in feature of `junit-platform-reporting`.\n\nIf a repository is cloned using a GitHub token or other credentials in its URL, for example:\n\n```bash\ngit clone https://${GH_APP}:${GH_TOKEN}@github.com/example/example.git\n```\n\nThe credentials are captured by `OpenTestReportGeneratingListener` which produces (trimmed for brevity):\n\n```xml\n\u003cinfrastructure\u003e\n    \u003cgit:repository originUrl=\"https://username:token@github.com/example/example.git\" /\u003e\n\u003c/infrastructure\u003e\n```\n\n### Details\n\nhttps://github.com/junit-team/junit5/blob/6b7764dac92fd35cb348152d1b37f8726875a4e0/junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java#L183\n\nI think this should be configurable in some way to exclude select git information or exclude it entirely.\n\n### PoC\n\n1. Clone a repo using a GitHub token as shown above.\n2. Enable the listener `junit.platform.reporting.open.xml.enabled=true`\n3. Observe report captures credentials\n\n### Impact\n\nDepending on the level of access of the token, it can be nothing, limited, or everything.\n\nIf these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app.\n\n### Resolution\n\nJUnit 5.13.2 and later replace credentials in the URL with `***`. Moreover, including any Git metadata in the XML output is now an opt-in feature that can be enabled via the new `junit.platform.reporting.open.xml.git.enabled=true` configuration parameter but is not included by default.",
  "id": "GHSA-m43g-m425-p68x",
  "modified": "2025-07-01T22:59:43Z",
  "published": "2025-07-01T22:59:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/junit-team/junit-framework/security/advisories/GHSA-m43g-m425-p68x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53103"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junit-team/junit-framework/commit/d4fc834c8c1c0b3168cd030c13551d1d041f51bc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/junit-team/junit-framework"
    },
    {
      "type": "WEB",
      "url": "https://github.com/junit-team/junit-framework/blob/6b7764dac92fd35cb348152d1b37f8726875a4e0/junit-platform-reporting/src/main/java/org/junit/platform/reporting/open/xml/OpenTestReportGeneratingListener.java#L183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener "
}

GHSA-M4F3-XVJ4-9R9F

Vulnerability from github – Published: 2023-06-21 18:31 – Updated: 2024-04-04 04:59
VLAI
Details

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-21T16:15:11Z",
    "severity": "HIGH"
  },
  "details": "An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.",
  "id": "GHSA-m4f3-xvj4-9r9f",
  "modified": "2024-04-04T04:59:21Z",
  "published": "2023-06-21T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27243"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/L5BkBeEE"
    },
    {
      "type": "WEB",
      "url": "http://dcap.com"
    },
    {
      "type": "WEB",
      "url": "http://makves.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4WH-848J-9W2R

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-10-07 21:52
VLAI
Summary
Katello cleartext password storage issue
Details

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "katello"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0.0"
            },
            {
              "fixed": "3.12.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-14825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-07T21:52:28Z",
    "nvd_published_at": "2019-11-25T16:15:00Z",
    "severity": "LOW"
  },
  "details": "A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.",
  "id": "GHSA-m4wh-848j-9w2r",
  "modified": "2022-10-07T21:52:28Z",
  "published": "2022-05-24T17:01:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14825"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Katello/katello/pull/8244"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Katello/katello/pull/8253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3172"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-14825"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730668"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739485"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Katello/katello"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Katello/katello/commits/3.12.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml"
    },
    {
      "type": "WEB",
      "url": "https://projects.theforeman.org/issues/27485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Katello cleartext password storage issue"
}

GHSA-M6MC-JPFQ-VW85

Vulnerability from github – Published: 2026-01-23 12:30 – Updated: 2026-01-23 12:30
VLAI
Details

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-23T10:15:53Z",
    "severity": "MODERATE"
  },
  "details": "Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
  "id": "GHSA-m6mc-jpfq-vw85",
  "modified": "2026-01-23T12:30:28Z",
  "published": "2026-01-23T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22276"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000415880/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M73W-F4GH-H9G2

Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-11-25 06:34
VLAI
Details

An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:45:17Z",
    "severity": "MODERATE"
  },
  "details": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.",
  "id": "GHSA-m73w-f4gh-h9g2",
  "modified": "2024-11-25T06:34:57Z",
  "published": "2024-05-14T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4840"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:9978"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-4840"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M797-G8F3-8VQ7

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI
Details

Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Brocade SANNav before version 2.1.1 contains an information disclosure vulnerability. Successful exploitation of internal server information in the initial login response header.",
  "id": "GHSA-m797-g8f3-8vq7",
  "modified": "2022-05-24T19:04:32Z",
  "published": "2022-05-24T19:04:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15384"
    },
    {
      "type": "WEB",
      "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M84G-FPM8-MQG8

Vulnerability from github – Published: 2026-02-24 18:31 – Updated: 2026-02-24 18:31
VLAI
Details

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-24T16:24:09Z",
    "severity": "HIGH"
  },
  "details": "Binardat 10G08-0800GSM network switch firmware versions prior to\u00a0V300SP10260209\u00a0store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.",
  "id": "GHSA-m84g-fpm8-mqg8",
  "modified": "2026-02-24T18:31:02Z",
  "published": "2026-02-24T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27520"
    },
    {
      "type": "WEB",
      "url": "https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-base64-encoded-password-stored-in-cookie"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M8GR-4MC5-GM9V

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-21T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers.",
  "id": "GHSA-m8gr-4mc5-gm9v",
  "modified": "2022-05-13T01:34:03Z",
  "published": "2022-05-13T01:34:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17489"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149649"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9WG-W5MF-5PW9

Vulnerability from github – Published: 2024-12-09 18:31 – Updated: 2024-12-11 18:30
VLAI
Details

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-09T16:15:22Z",
    "severity": "HIGH"
  },
  "details": "Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.",
  "id": "GHSA-m9wg-w5mf-5pw9",
  "modified": "2024-12-11T18:30:41Z",
  "published": "2024-12-09T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40582"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@vishnuchttrj/exploiting-vms-vulnerabilities-to-access-confidential-data-cve-2024-40582-cve-2024-40583-60d957933b78"
    },
    {
      "type": "WEB",
      "url": "http://curovms.com"
    },
    {
      "type": "WEB",
      "url": "http://pentaminds.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MCMJ-Q426-5FCX

Vulnerability from github – Published: 2025-04-01 06:30 – Updated: 2025-04-01 06:30
VLAI
Details

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T04:15:39Z",
    "severity": "MODERATE"
  },
  "details": "Valmet DNA user passwords in plain text.\u00a0This practice poses a security risk as attackers who gain access to local project data can read the passwords.",
  "id": "GHSA-mcmj-q426-5fcx",
  "modified": "2025-04-01T06:30:44Z",
  "published": "2025-04-01T06:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0418"
    },
    {
      "type": "WEB",
      "url": "https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:D/RE:L/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.