Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-P5CF-VC34-747C

Vulnerability from github – Published: 2023-08-04 03:30 – Updated: 2024-04-04 06:33
VLAI
Details

Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-04T01:15:09Z",
    "severity": "HIGH"
  },
  "details": "Assmann Digitus Plug\u0026View IP Camera family allows unauthenticated attackers to download a copy of the camera\u0027s settings and the administrator credentials.",
  "id": "GHSA-p5cf-vc34-747c",
  "modified": "2024-04-04T06:33:36Z",
  "published": "2023-08-04T03:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30146"
    },
    {
      "type": "WEB",
      "url": "https://de.assmann.shop/de/Gebaeude-Technik/Sicherheitstechnik/Ueberwachungskameras"
    },
    {
      "type": "WEB",
      "url": "https://github.com/L1-0/CVE-2023-30146"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P5CH-7HC9-CV48

Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2021-12-17 00:00
VLAI
Details

SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-14T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.",
  "id": "GHSA-p5ch-7hc9-cv48",
  "modified": "2021-12-17T00:00:43Z",
  "published": "2021-12-15T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42066"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3101299"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-P6CP-6R35-32MH

Vulnerability from github – Published: 2023-12-16 00:03 – Updated: 2023-12-16 00:03
VLAI
Summary
Solr search discloses password hashes of all users
Details

Impact

The Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. To reproduce, it is sufficient to search for propertyvalue:?* AND reference:*.password and then deselect the "Document" property under "Result type" in the "Refine your search" widget at the right of the search results. If this displays any passwords or password hashes, the installation is vulnerable.

By default, passwords in XWiki are salted and hashed with SHA-512. On XWiki versions affected by CVE-2022-41933, passwords are stored in plain text if they have been set using the password reset feature. This might affect XWiki installations that are using an external authentication mechanism such that passwords aren't stored in the wiki.

This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text.

Patches

This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. This vulnerability has been patched as part of patching GHSA-2grh-gr37-2283, the part of the fix that changes the indexing of single properties to use the same code as the main document for getting the property's value fixes this vulnerability.

Workarounds

We're not aware of any workarounds apart from upgrading to a fixed version.

References

  • https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
  • https://jira.xwiki.org/browse/XWIKI-21208
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-search-solr-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2-milestone-2"
            },
            {
              "fixed": "14.10.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-search-solr-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-search-solr-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.6-rc-1"
            },
            {
              "fixed": "15.7-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-16T00:03:54Z",
    "nvd_published_at": "2023-12-15T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. To reproduce, it is sufficient to search for `propertyvalue:?* AND reference:*.password` and then deselect the \"Document\" property under \"Result type\" in the \"Refine your search\" widget at the right of the search results. If this displays any passwords or password hashes, the installation is vulnerable.\n\nBy default, passwords in XWiki are salted and hashed with SHA-512. On XWiki versions affected by [CVE-2022-41933](https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3), passwords are stored in plain text if they have been set using the password reset feature. This might affect XWiki installations that are using an external authentication mechanism such that passwords aren\u0027t stored in the wiki.\n\nThis vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren\u0027t accessible but this vulnerability would disclose them as plain text.\n\n### Patches\nThis has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. This vulnerability has been patched as part of patching [GHSA-2grh-gr37-2283](https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283), the part of the fix that changes the indexing of single properties to use the same code as the main document for getting the property\u0027s value fixes this vulnerability.\n\n### Workarounds\nWe\u0027re not aware of any workarounds apart from upgrading to a fixed version.\n\n### References\n* https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea\n* https://jira.xwiki.org/browse/XWIKI-21208",
  "id": "GHSA-p6cp-6r35-32mh",
  "modified": "2023-12-16T00:03:54Z",
  "published": "2023-12-16T00:03:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50719"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-21208"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Solr search discloses password hashes of all users"
}

GHSA-P7M7-5QJR-XF2Q

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-16T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked.",
  "id": "GHSA-p7m7-5qjr-xf2q",
  "modified": "2022-05-24T19:05:34Z",
  "published": "2022-05-24T19:05:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28979"
    },
    {
      "type": "WEB",
      "url": "https://www.gruppotim.it/redteam"
    },
    {
      "type": "WEB",
      "url": "https://www.thalesgroup.com/en"
    },
    {
      "type": "WEB",
      "url": "http://safenet.com"
    },
    {
      "type": "WEB",
      "url": "http://thales.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P8G3-HWCG-GR94

Vulnerability from github – Published: 2022-05-10 00:00 – Updated: 2022-05-19 00:00
VLAI
Details

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-09T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.",
  "id": "GHSA-p8g3-hwcg-gr94",
  "modified": "2022-05-19T00:00:21Z",
  "published": "2022-05-10T00:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29868"
    },
    {
      "type": "WEB",
      "url": "https://support.1password.com/kb/202204"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9HG-WRMV-V8CP

Vulnerability from github – Published: 2026-03-18 18:31 – Updated: 2026-03-20 14:34
VLAI
Summary
Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
Details

Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:loadninja"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-19T12:47:16Z",
    "nvd_published_at": "2026-03-18T16:16:28Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.",
  "id": "GHSA-p9hg-wrmv-v8cp",
  "modified": "2026-03-20T14:34:25Z",
  "published": "2026-03-18T18:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33004"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/loadninja-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form"
}

GHSA-P9Q6-8MQ9-55P7

Vulnerability from github – Published: 2024-10-02 18:31 – Updated: 2024-10-02 18:31
VLAI
Details

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information.

This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20448"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-313"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-02T17:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information.\n\nThis vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key.",
  "id": "GHSA-p9q6-8mq9-55p7",
  "modified": "2024-10-02T18:31:33Z",
  "published": "2024-10-02T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20448"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cidv-XvyX2wLj"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P9RC-X48F-582X

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2023-10-27 13:44
VLAI
Summary
Passwords stored in plain text by ElasTest Plugin
Details

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:elastest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-28T22:45:26Z",
    "nvd_published_at": "2020-09-16T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.",
  "id": "GHSA-p9rc-x48f-582x",
  "modified": "2023-10-27T13:44:42Z",
  "published": "2022-05-24T17:28:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2274"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/elastest-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-2014"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/09/16/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Passwords stored in plain text by ElasTest Plugin"
}

GHSA-PC3C-MP2M-RR8W

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-26T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.",
  "id": "GHSA-pc3c-mp2m-rr8w",
  "modified": "2022-05-24T19:03:18Z",
  "published": "2022-05-24T19:03:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16498"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1168195"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PC3Q-9R5P-7R58

Vulnerability from github – Published: 2023-02-17 21:30 – Updated: 2023-03-01 21:30
VLAI
Details

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-17T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.",
  "id": "GHSA-pc3q-9r5p-7r58",
  "modified": "2023-03-01T21:30:19Z",
  "published": "2023-02-17T21:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34351"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230402"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6955059"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.