CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
GHSA-QRX6-94XM-F6M7
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.
{
"affected": [],
"aliases": [
"CVE-2021-43512"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.",
"id": "GHSA-qrx6-94xm-f6m7",
"modified": "2022-06-11T00:00:27Z",
"published": "2022-06-03T00:01:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43512"
},
{
"type": "WEB",
"url": "https://medium.com/@janmejayaswainofficial/advisory-of-cve-2021-43512-5e54e6a93101"
},
{
"type": "WEB",
"url": "https://www.flightradar24.com"
},
{
"type": "WEB",
"url": "https://www.flightradar24.com.aa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R5VQ-M2MP-CPFJ
Vulnerability from github – Published: 2024-11-27 18:34 – Updated: 2025-12-19 15:31InfluxDB through 2.7.10 allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. NOTE: the supplier indicates that this is intentional but is a "poor design choice" that will be changed in a future release.
{
"affected": [],
"aliases": [
"CVE-2024-30896"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-21T11:15:34Z",
"severity": "CRITICAL"
},
"details": "InfluxDB through 2.7.10 allows allAccess administrators to retrieve all raw tokens via an \"influx auth ls\" command. NOTE: the supplier indicates that this is intentional but is a \"poor design choice\" that will be changed in a future release.",
"id": "GHSA-r5vq-m2mp-cpfj",
"modified": "2025-12-19T15:31:17Z",
"published": "2024-11-27T18:34:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30896"
},
{
"type": "WEB",
"url": "https://github.com/influxdata/influxdb/issues/24797"
},
{
"type": "WEB",
"url": "https://github.com/XenoM0rph97/CVE-2024-30896"
},
{
"type": "WEB",
"url": "https://github.com/influxdata/influxdb/releases/tag/v2.8.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R6XH-2P9X-84PQ
Vulnerability from github – Published: 2024-02-12 18:31 – Updated: 2024-10-10 15:30A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
{
"affected": [],
"aliases": [
"CVE-2024-25360"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-12T16:15:08Z",
"severity": "MODERATE"
},
"details": "A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.",
"id": "GHSA-r6xh-2p9x-84pq",
"modified": "2024-10-10T15:30:30Z",
"published": "2024-02-12T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25360"
},
{
"type": "WEB",
"url": "https://github.com/leetsun/Hints/tree/main/moto-CX2L/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R72F-RMC7-WHWP
Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.
{
"affected": [],
"aliases": [
"CVE-2024-23290"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-08T02:15:50Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.",
"id": "GHSA-r72f-rmc7-whwp",
"modified": "2026-04-02T21:31:39Z",
"published": "2024-03-08T03:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23290"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120881"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120882"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120893"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120895"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214081"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214086"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214088"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214081"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214086"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214088"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-R7HH-JQHX-M5XR
Vulnerability from github – Published: 2022-03-24 00:00 – Updated: 2022-04-13 00:01Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
{
"affected": [],
"aliases": [
"CVE-2021-27456"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-23T20:15:00Z",
"severity": "LOW"
},
"details": "Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.",
"id": "GHSA-r7hh-jqhx-m5xr",
"modified": "2022-04-13T00:01:08Z",
"published": "2022-03-24T00:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27456"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01"
},
{
"type": "WEB",
"url": "https://www.philips.com/productsecurity"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R7JP-3WP4-FVF4
Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-17 15:31A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.
{
"affected": [],
"aliases": [
"CVE-2026-20629"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:06Z",
"severity": "MODERATE"
},
"details": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.",
"id": "GHSA-r7jp-3wp4-fvf4",
"modified": "2026-02-17T15:31:34Z",
"published": "2026-02-12T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20629"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126348"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R8GG-2FV9-XJWJ
Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-24 00:00Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
{
"affected": [],
"aliases": [
"CVE-2022-1257"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-14T15:15:00Z",
"severity": "MODERATE"
},
"details": "Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.",
"id": "GHSA-r8gg-2fv9-xjwj",
"modified": "2022-04-24T00:00:38Z",
"published": "2022-04-15T00:00:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1257"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10382"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R922-52FR-4X9G
Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2024-10-29 18:30The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.
{
"affected": [],
"aliases": [
"CVE-2024-44174"
],
"database_specific": {
"cwe_ids": [
"CWE-754",
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T21:15:05Z",
"severity": "MODERATE"
},
"details": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.",
"id": "GHSA-r922-52fr-4x9g",
"modified": "2024-10-29T18:30:36Z",
"published": "2024-10-28T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44174"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121238"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R944-7XP4-CG8Q
Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.
{
"affected": [],
"aliases": [
"CVE-2024-23241"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-08T02:15:48Z",
"severity": "MODERATE"
},
"details": "This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.",
"id": "GHSA-r944-7xp4-cg8q",
"modified": "2026-04-02T21:31:37Z",
"published": "2024-03-08T03:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23241"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120882"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120893"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120895"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214081"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214086"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214081"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214084"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214086"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RFRX-WP2R-Q456
Vulnerability from github – Published: 2023-06-20 09:30 – Updated: 2024-01-12 09:30Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
{
"affected": [],
"aliases": [
"CVE-2023-26427"
],
"database_specific": {
"cwe_ids": [
"CWE-732",
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-20T08:15:09Z",
"severity": "LOW"
},
"details": "Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.\n\n",
"id": "GHSA-rfrx-wp2r-q456",
"modified": "2024-01-12T09:30:25Z",
"published": "2023-06-20T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26427"
},
{
"type": "WEB",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json"
},
{
"type": "WEB",
"url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json"
},
{
"type": "WEB",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Jun/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.