Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-R2HW-74XV-4GQP

Vulnerability from github – Published: 2023-10-24 19:25 – Updated: 2024-10-07 15:09
VLAI
Summary
Nautobot vulnerable to exposure of hashed user passwords via REST API
Details

Impact

In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth=<N> query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints.

The passwords are not exposed in plaintext. Nautobot 1.x is not affected by this vulnerability.

Example:

GET /api/users/permissions/?depth=1

HTTP 200 OK
API-Version: 2.0
Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
    "count": 1,
    "next": null,
    "previous": null,
    "results": [
        {
            "id": "28ea85e4-5039-4389-94f1-9a3e1c787149",
            "object_type": "users.objectpermission",
            "display": "Run Job",
            "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/",
            "natural_slug": "run-job_28ea",
            "object_types": [
                "extras.job"
            ],
            "name": "Run Job",
            "description": "",
            "enabled": true,
            "actions": [
                "run",
                "view"
            ],
            "constraints": null,
            "groups": [
                {
                    "id": 1,
                    "object_type": "auth.group",
                    "display": "A Group",
                    "url": "http://localhost:8080/api/users/groups/1/",
                    "natural_slug": "a-group_1",
                    "name": "A Group"
                }
            ],
            "users": [
                {
                    "id": "e73288e2-1326-4bfb-8fea-041290dd7473",
                    "object_type": "users.user",
                    "display": "admin",
                    "url": "http://localhost:8080/api/users/users/e73288e2-1326-4bfb-8fea-041290dd7473/",
                    "natural_slug": "admin_e732",
                    "password": "pbkdf2_sha256$260000$jQb7hA48HYJ0MLWQgOZiBl$b72+gz6SpZiRpxceRQfT5Zv/aUac0eJ4NdBTZ8ECOow=",
                    "last_login": "2023-10-18T14:19:08.780857Z",
                    "is_superuser": true,
                    "username": "admin",
                    "first_name": "",
                    "last_name": "",
                    "email": "",
                    "is_staff": true,
                    "is_active": true,
                    "date_joined": "2023-10-18T14:18:55.854023Z",
                    "config_data": {}
                }
            ]
        }
    ]
}

Note the "password" field present in the nested "users" data.

This information is not exposed during direct access to the /api/users/users/ endpoint, but can be exposed through any endpoint which contains a nested reference to User object(s) when an appropriate ?depth=<N> query parameter is specified. Known impacted endpoints include:

  • /api/dcim/rack-reservations/?depth=1(or any greater depth value)
  • /api/extras/job-results/?depth=1 (or any greater depth value)
  • /api/extras/notes/?depth=1 (or any greater depth value)
  • /api/extras/object-changes/?depth=1 (or any greater depth value)
  • /api/extras/scheduled-jobs/?depth=1 (or any greater depth value)
  • /api/users/permissions/?depth=1 (or any greater depth value)

but this is not necessarily an exhaustive list.

Plugin REST API endpoints for any models with a foreign key to the User model may also be impacted by this issue.

The patch identified below mitigates the issue for both Nautobot core REST APIs and plugin REST APIs; no code change in plugins is required to address this issue.

Patches

Refer to https://github.com/nautobot/nautobot/pull/4692 for the patch that resolved this issue.

Workarounds

Upgrading to v2.0.3 or later, or applying the above patch, is the preferred workaround for this issue; while it could also be partially mitigated by updating permissions to deny user access to the above list of impacted REST API endpoints, that is not recommended as other endpoints may also expose this issue until patched.

References

https://github.com/nautobot/nautobot/pull/4692

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nautobot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312",
      "CWE-359"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-24T19:25:24Z",
    "nvd_published_at": "2023-10-25T18:17:36Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nIn Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=\u003cN\u003e` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. \n\n\u003e The passwords are *not* exposed in plaintext. \n\u003e Nautobot 1.x is *not* affected by this vulnerability.\n\nExample:\n\n```\nGET /api/users/permissions/?depth=1\n\nHTTP 200 OK\nAPI-Version: 2.0\nAllow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS\nContent-Type: application/json\nVary: Accept\n```\n\n```json\n{\n    \"count\": 1,\n    \"next\": null,\n    \"previous\": null,\n    \"results\": [\n        {\n            \"id\": \"28ea85e4-5039-4389-94f1-9a3e1c787149\",\n            \"object_type\": \"users.objectpermission\",\n            \"display\": \"Run Job\",\n            \"url\": \"http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/\",\n            \"natural_slug\": \"run-job_28ea\",\n            \"object_types\": [\n                \"extras.job\"\n            ],\n            \"name\": \"Run Job\",\n            \"description\": \"\",\n            \"enabled\": true,\n            \"actions\": [\n                \"run\",\n                \"view\"\n            ],\n            \"constraints\": null,\n            \"groups\": [\n                {\n                    \"id\": 1,\n                    \"object_type\": \"auth.group\",\n                    \"display\": \"A Group\",\n                    \"url\": \"http://localhost:8080/api/users/groups/1/\",\n                    \"natural_slug\": \"a-group_1\",\n                    \"name\": \"A Group\"\n                }\n            ],\n            \"users\": [\n                {\n                    \"id\": \"e73288e2-1326-4bfb-8fea-041290dd7473\",\n                    \"object_type\": \"users.user\",\n                    \"display\": \"admin\",\n                    \"url\": \"http://localhost:8080/api/users/users/e73288e2-1326-4bfb-8fea-041290dd7473/\",\n                    \"natural_slug\": \"admin_e732\",\n                    \"password\": \"pbkdf2_sha256$260000$jQb7hA48HYJ0MLWQgOZiBl$b72+gz6SpZiRpxceRQfT5Zv/aUac0eJ4NdBTZ8ECOow=\",\n                    \"last_login\": \"2023-10-18T14:19:08.780857Z\",\n                    \"is_superuser\": true,\n                    \"username\": \"admin\",\n                    \"first_name\": \"\",\n                    \"last_name\": \"\",\n                    \"email\": \"\",\n                    \"is_staff\": true,\n                    \"is_active\": true,\n                    \"date_joined\": \"2023-10-18T14:18:55.854023Z\",\n                    \"config_data\": {}\n                }\n            ]\n        }\n    ]\n}\n```\n\n\u003e Note the \"password\" field present in the nested `\"users\"` data.\n\nThis information is not exposed during direct access to the `/api/users/users/` endpoint, but can be exposed through any endpoint which contains a nested reference to User object(s) when an appropriate `?depth=\u003cN\u003e` query parameter is specified. Known impacted endpoints include:\n\n- `/api/dcim/rack-reservations/?depth=1`(or any greater `depth` value)\n- `/api/extras/job-results/?depth=1` (or any greater `depth` value)\n- `/api/extras/notes/?depth=1` (or any greater `depth` value)\n- `/api/extras/object-changes/?depth=1` (or any greater `depth` value)\n- `/api/extras/scheduled-jobs/?depth=1` (or any greater `depth` value)\n- `/api/users/permissions/?depth=1` (or any greater `depth` value)\n\nbut this is not necessarily an exhaustive list. \n\n\u003e Plugin REST API endpoints for any models with a foreign key to the User model may also be impacted by this issue.\n\n\u003e The patch identified below mitigates the issue for both Nautobot core REST APIs and plugin REST APIs; no code change in plugins is required to address this issue.\n\n### Patches\n\nRefer to https://github.com/nautobot/nautobot/pull/4692 for the patch that resolved this issue.\n\n### Workarounds\n\nUpgrading to v2.0.3 or later, or applying the above patch, is the preferred workaround for this issue; while it could also be partially mitigated by updating permissions to deny user access to the above list of impacted REST API endpoints, that is not recommended as other endpoints may also expose this issue until patched.\n\n### References\n\nhttps://github.com/nautobot/nautobot/pull/4692\n",
  "id": "GHSA-r2hw-74xv-4gqp",
  "modified": "2024-10-07T15:09:56Z",
  "published": "2023-10-24T19:25:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46128"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/pull/4692"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nautobot/nautobot"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nautobot/PYSEC-2023-220.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Nautobot vulnerable to exposure of hashed user passwords via REST API"
}

GHSA-R2PW-9CXH-M8MR

Vulnerability from github – Published: 2026-06-08 21:31 – Updated: 2026-06-08 21:31
VLAI
Details

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.

This issue affects :

  • Devolutions Server 2026.2.4.0
  • Devolutions Server 2026.1.20.0 and earlier
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T19:16:34Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.\n\nThis issue affects :\n\n  *  Devolutions Server 2026.2.4.0\n  *  Devolutions Server 2026.1.20.0 and earlier",
  "id": "GHSA-r2pw-9cxh-m8mr",
  "modified": "2026-06-08T21:31:50Z",
  "published": "2026-06-08T21:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10786"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2026-0015"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2RH-HPQM-RGJ8

Vulnerability from github – Published: 2022-12-02 00:30 – Updated: 2022-12-06 18:30
VLAI
Details

IXPdata EasyInstall 6.6.14725 contains an access control issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-01T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "IXPdata EasyInstall 6.6.14725 contains an access control issue.",
  "id": "GHSA-r2rh-hpqm-rgj8",
  "modified": "2022-12-06T18:30:21Z",
  "published": "2022-12-02T00:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35120"
    },
    {
      "type": "WEB",
      "url": "https://la.rsbir.ch/CVE-2022-35120.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R365-C863-WWVQ

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50
VLAI
Details

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-18641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-04T23:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.",
  "id": "GHSA-r365-c863-wwvq",
  "modified": "2022-05-13T01:50:43Z",
  "published": "2022-05-13T01:50:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18641"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51113"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R43R-P9MV-G2FW

Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2024-12-05 15:31
VLAI
Details

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.",
  "id": "GHSA-r43r-p9mv-g2fw",
  "modified": "2024-12-05T15:31:02Z",
  "published": "2024-12-05T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54127"
    },
    {
      "type": "WEB",
      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0354"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R4W6-45H7-R5JM

Vulnerability from github – Published: 2022-05-10 00:00 – Updated: 2022-05-18 00:00
VLAI
Details

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-09T17:15:00Z",
    "severity": "LOW"
  },
  "details": "Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.",
  "id": "GHSA-r4w6-45h7-r5jm",
  "modified": "2022-05-18T00:00:32Z",
  "published": "2022-05-10T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28162"
    },
    {
      "type": "WEB",
      "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1841"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R55W-XPH5-XVX2

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2024-10-23 18:25
VLAI
Summary
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Details

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2015.8.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.3.0"
            },
            {
              "fixed": "2016.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2016.11.7"
            },
            {
              "fixed": "2016.11.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2017.5.0"
            },
            {
              "fixed": "2017.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2018.2.0"
            },
            {
              "last_affected": "2018.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2019.2.0"
            },
            {
              "fixed": "2019.2.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3000"
            },
            {
              "fixed": "3000.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3001"
            },
            {
              "fixed": "3001.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "salt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3002"
            },
            {
              "fixed": "3002.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T21:17:02Z",
    "nvd_published_at": "2021-02-27T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in through SaltStack Salt before 3002.5. `salt.modules.cmdmod` can log credentials to the info or error log level.",
  "id": "GHSA-r55w-xph5-xvx2",
  "modified": "2024-10-23T18:25:59Z",
  "published": "2022-05-24T17:43:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25284"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-5011"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-22"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202103-01"
    },
    {
      "type": "WEB",
      "url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/releases"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L37"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L37"
    },
    {
      "type": "WEB",
      "url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L37"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/saltstack/salt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-53.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod "
}

GHSA-R62J-2RMF-5729

Vulnerability from github – Published: 2022-07-02 00:00 – Updated: 2022-07-09 00:00
VLAI
Details

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-01T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.",
  "id": "GHSA-r62j-2rmf-5729",
  "modified": "2022-07-09T00:00:23Z",
  "published": "2022-07-02T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22367"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221008"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6600067"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R6RM-754V-479J

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2025-08-12 18:31
VLAI
Details

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-4687"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.",
  "id": "GHSA-r6rm-754v-479j",
  "modified": "2025-08-12T18:31:16Z",
  "published": "2022-05-24T17:38:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4687"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171823"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6403331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R7CH-CWP4-RH7C

Vulnerability from github – Published: 2023-02-13 18:30 – Updated: 2023-02-25 03:30
VLAI
Details

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3089"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.",
  "id": "GHSA-r7ch-cwp4-rh7c",
  "modified": "2023-02-25T03:30:16Z",
  "published": "2023-02-13T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3089"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-037-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.