CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
GHSA-FP5G-P2FH-5344
Vulnerability from github – Published: 2025-01-28 00:32 – Updated: 2025-01-30 21:31This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
{
"affected": [],
"aliases": [
"CVE-2024-54549"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T22:15:14Z",
"severity": "MODERATE"
},
"details": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.",
"id": "GHSA-fp5g-p2fh-5344",
"modified": "2025-01-30T21:31:21Z",
"published": "2025-01-28T00:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54549"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121839"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FX7J-C4VG-7M5H
Vulnerability from github – Published: 2025-10-12 18:30 – Updated: 2025-10-12 18:30A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-11639"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-12T18:15:33Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-fx7j-c4vg-7m5h",
"modified": "2025-10-12T18:30:22Z",
"published": "2025-10-12T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11639"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.328050"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.328050"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.661364"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.661876"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-G485-29GQ-6H2H
Vulnerability from github – Published: 2021-09-01 18:36 – Updated: 2021-08-30 18:51The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "miniorange/miniorange-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-36786"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-30T18:51:00Z",
"nvd_published_at": "2021-08-13T17:15:00Z",
"severity": "HIGH"
},
"details": "The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.",
"id": "GHSA-g485-29gq-6h2h",
"modified": "2021-08-30T18:51:00Z",
"published": "2021-09-01T18:36:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36786"
},
{
"type": "PACKAGE",
"url": "https://github.com/miniOrangeDev/miniorange-saml-typo3-sso"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Sensitive Data Exposure in miniorange_saml"
}
GHSA-G4XV-F6GH-PR93
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-08 18:30A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data..
{
"affected": [],
"aliases": [
"CVE-2023-23522"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data..",
"id": "GHSA-g4xv-f6gh-pr93",
"modified": "2023-03-08T18:30:26Z",
"published": "2023-02-27T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23522"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213633"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G55R-72X2-J2W6
Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-19 21:31Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-21041"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-03T06:15:50Z",
"severity": "MODERATE"
},
"details": "Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.",
"id": "GHSA-g55r-72x2-j2w6",
"modified": "2025-09-19T21:31:15Z",
"published": "2025-09-19T21:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21041"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G6F3-67V4-98VV
Vulnerability from github – Published: 2024-10-11 21:31 – Updated: 2024-10-15 18:30An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
{
"affected": [],
"aliases": [
"CVE-2024-48770"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T20:15:05Z",
"severity": "HIGH"
},
"details": "An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.",
"id": "GHSA-g6f3-67v4-98vv",
"modified": "2024-10-15T18:30:49Z",
"published": "2024-10-11T21:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48770"
},
{
"type": "WEB",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.wisdomcity.zwave/com.wisdomcity.zwave.md"
},
{
"type": "WEB",
"url": "http://comwisdomcityzwave.com"
},
{
"type": "WEB",
"url": "http://plug.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G774-VX5R-X2VG
Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2026-04-02 21:31This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.
{
"affected": [],
"aliases": [
"CVE-2024-44222"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T21:15:06Z",
"severity": "LOW"
},
"details": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.",
"id": "GHSA-g774-vx5r-x2vg",
"modified": "2026-04-02T21:31:59Z",
"published": "2024-10-28T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44222"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121564"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121568"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121570"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/12"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G77X-HH5W-QPW7
Vulnerability from github – Published: 2024-04-08 03:30 – Updated: 2024-11-27 18:34In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed
{
"affected": [],
"aliases": [
"CVE-2023-52345"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-08T03:15:08Z",
"severity": "MODERATE"
},
"details": "In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed",
"id": "GHSA-g77x-hh5w-qpw7",
"modified": "2024-11-27T18:34:00Z",
"published": "2024-04-08T03:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52345"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G789-9H8J-6WHM
Vulnerability from github – Published: 2025-08-26 15:31 – Updated: 2025-08-26 18:31Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
{
"affected": [],
"aliases": [
"CVE-2025-25732"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T15:15:42Z",
"severity": "MODERATE"
},
"details": "Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 \u0026 RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.",
"id": "GHSA-g789-9h8j-6whm",
"modified": "2025-08-26T18:31:15Z",
"published": "2025-08-26T15:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25732"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/922.html"
},
{
"type": "WEB",
"url": "https://phrack.org/issues/72/16_md"
},
{
"type": "WEB",
"url": "https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf"
},
{
"type": "WEB",
"url": "https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf"
},
{
"type": "WEB",
"url": "https://www.kapsch.net/en"
},
{
"type": "WEB",
"url": "https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G9M6-GVQR-98XQ
Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-23 18:31Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.
{
"affected": [],
"aliases": [
"CVE-2024-56113"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T20:15:39Z",
"severity": "HIGH"
},
"details": "Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.",
"id": "GHSA-g9m6-gvqr-98xq",
"modified": "2025-01-23T18:31:14Z",
"published": "2025-01-09T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56113"
},
{
"type": "WEB",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56113"
},
{
"type": "WEB",
"url": "https://smarttoilet.pratt.duke.edu"
},
{
"type": "WEB",
"url": "https://www.motius.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.