Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

835 vulnerabilities reference this CWE, most recent first.

GHSA-G5VH-55HW-RXM8

Vulnerability from github – Published: 2026-07-02 13:46 – Updated: 2026-07-02 13:46
VLAI
Summary
GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer
Details

Summary

The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords (the primary use case), the timing difference between a valid and invalid username is approximately 1,000,000:1 (~100ms vs ~100ns), enabling reliable remote username enumeration.

Vulnerable Code

File: middleware/basicauth/config.go, lines 126-138

if cfg.Authorizer == nil {
    verifiers := make(map[string]func(string) bool, len(cfg.Users))
    for u, hpw := range cfg.Users {
        v, err := parseHashedPassword(hpw)
        if err != nil {
            panic(err)
        }
        verifiers[u] = v
    }
    cfg.Authorizer = func(user, pass string, _ fiber.Ctx) bool {
        verify, ok := verifiers[user]
        return ok && verify(pass)   // line 137: short-circuit skips verify() if user unknown
    }
}

Data Flow

  1. Attacker sends Authorization: Basic <base64(candidate:wrongpass)>
  2. BasicAuth middleware decodes credentials and calls cfg.Authorizer(user, pass, c)
  3. Map lookup verifiers[user] returns ok=false for non-existent users
  4. Go && short-circuit: false && verify(pass) returns immediately without calling verify()
  5. For valid users, verify(pass) executes bcrypt.CompareHashAndPassword() (line 167: ~100ms at default cost 10)
  6. Timing difference: ~100ns (invalid user) vs ~100ms (valid user) = 1,000,000:1 ratio

Timing comparison by hash type:

Hash Type Valid User Invalid User Ratio
bcrypt ($2) ~100 ms ~100 ns 1,000,000:1
SHA-512 ~1-5 us ~100 ns 10-50:1
SHA-256 ~1-5 us ~100 ns 10-50:1

Impact

  • Username enumeration: Attacker reliably determines which usernames exist by measuring response latency
  • Targeted brute force: After enumerating valid usernames, password brute force is focused only on real accounts
  • Account discovery: In applications where usernames are sensitive (internal tools, admin panels), leaking their existence is itself a security issue

Notes

  • Password hash comparisons themselves are timing-safe: subtle.ConstantTimeCompare is used correctly for SHA-256 (line 185), SHA-512 (line 176), and bcrypt uses its own constant-time comparison
  • The fix is to always execute a dummy hash comparison for unknown users: bcrypt.CompareHashAndPassword(dummyHash, []byte(pass)) and discard the result
  • This pattern matches CVE-2023-36456 (Authentik timing oracle) and similar findings in other auth libraries
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.2.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gofiber/fiber/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T13:46:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThe default `Authorizer` function in GoFiber\u0027s BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords (the primary use case), the timing difference between a valid and invalid username is approximately 1,000,000:1 (~100ms vs ~100ns), enabling reliable remote username enumeration.\n\n## Vulnerable Code\n\n**File:** `middleware/basicauth/config.go`, lines 126-138\n\n```go\nif cfg.Authorizer == nil {\n    verifiers := make(map[string]func(string) bool, len(cfg.Users))\n    for u, hpw := range cfg.Users {\n        v, err := parseHashedPassword(hpw)\n        if err != nil {\n            panic(err)\n        }\n        verifiers[u] = v\n    }\n    cfg.Authorizer = func(user, pass string, _ fiber.Ctx) bool {\n        verify, ok := verifiers[user]\n        return ok \u0026\u0026 verify(pass)   // line 137: short-circuit skips verify() if user unknown\n    }\n}\n```\n\n## Data Flow\n\n1. Attacker sends `Authorization: Basic \u003cbase64(candidate:wrongpass)\u003e`\n2. BasicAuth middleware decodes credentials and calls `cfg.Authorizer(user, pass, c)`\n3. Map lookup `verifiers[user]` returns `ok=false` for non-existent users\n4. Go `\u0026\u0026` short-circuit: `false \u0026\u0026 verify(pass)` returns immediately without calling `verify()`\n5. For valid users, `verify(pass)` executes `bcrypt.CompareHashAndPassword()` (line 167: ~100ms at default cost 10)\n6. Timing difference: ~100ns (invalid user) vs ~100ms (valid user) = 1,000,000:1 ratio\n\n**Timing comparison by hash type:**\n\n| Hash Type | Valid User | Invalid User | Ratio |\n|-----------|-----------|--------------|-------|\n| bcrypt ($2) | ~100 ms | ~100 ns | 1,000,000:1 |\n| SHA-512 | ~1-5 us | ~100 ns | 10-50:1 |\n| SHA-256 | ~1-5 us | ~100 ns | 10-50:1 |\n\n## Impact\n\n- **Username enumeration:** Attacker reliably determines which usernames exist by measuring response latency\n- **Targeted brute force:** After enumerating valid usernames, password brute force is focused only on real accounts\n- **Account discovery:** In applications where usernames are sensitive (internal tools, admin panels), leaking their existence is itself a security issue\n\n## Notes\n\n- Password hash comparisons themselves are timing-safe: `subtle.ConstantTimeCompare` is used correctly for SHA-256 (line 185), SHA-512 (line 176), and bcrypt uses its own constant-time comparison\n- The fix is to always execute a dummy hash comparison for unknown users: `bcrypt.CompareHashAndPassword(dummyHash, []byte(pass))` and discard the result\n- This pattern matches CVE-2023-36456 (Authentik timing oracle) and similar findings in other auth libraries",
  "id": "GHSA-g5vh-55hw-rxm8",
  "modified": "2026-07-02T13:46:25Z",
  "published": "2026-07-02T13:46:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gofiber/fiber/security/advisories/GHSA-g5vh-55hw-rxm8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gofiber/fiber"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer"
}

GHSA-G62R-H4Q8-QX29

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-21T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase.",
  "id": "GHSA-g62r-h4q8-qx29",
  "modified": "2022-05-24T19:02:57Z",
  "published": "2022-05-24T19:02:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27211"
    },
    {
      "type": "WEB",
      "url": "https://eprint.iacr.org/2021/640"
    },
    {
      "type": "WEB",
      "url": "https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf"
    },
    {
      "type": "WEB",
      "url": "https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass"
    },
    {
      "type": "WEB",
      "url": "https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html"
    },
    {
      "type": "WEB",
      "url": "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G64F-MXRQ-5H8C

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI
Details

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-16T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.",
  "id": "GHSA-g64f-mxrq-5h8c",
  "modified": "2022-05-24T19:14:51Z",
  "published": "2022-05-24T19:14:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34576"
    },
    {
      "type": "WEB",
      "url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G759-2X5W-F89C

Vulnerability from github – Published: 2024-02-21 18:31 – Updated: 2024-03-19 18:31
VLAI
Details

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T16:15:49Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.",
  "id": "GHSA-g759-2x5w-f89c",
  "modified": "2024-03-19T18:31:58Z",
  "published": "2024-02-21T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45177"
    },
    {
      "type": "WEB",
      "url": "https://www.gruppotim.it/it/footer/red-team.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G854-MV2R-2R5H

Vulnerability from github – Published: 2023-07-24 18:30 – Updated: 2025-04-15 12:30
VLAI
Details

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-385"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-24T16:15:13Z",
    "severity": "HIGH"
  },
  "details": "A possible unauthorized memory access flaw was found in the Linux kernel\u0027s cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the \u0027Randomize per-cpu entry area\u0027 feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.",
  "id": "GHSA-g854-mv2r-2r5h",
  "modified": "2025-04-15T12:30:24Z",
  "published": "2023-07-24T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3640"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:6583"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3640"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217523"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9P5-P7H5-P2WG

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2025-12-03 15:30
VLAI
Details

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-08T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.",
  "id": "GHSA-g9p5-p7h5-p2wg",
  "modified": "2025-12-03T15:30:27Z",
  "published": "2022-05-24T19:04:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33560"
    },
    {
      "type": "WEB",
      "url": "https://dev.gnupg.org/T5305"
    },
    {
      "type": "WEB",
      "url": "https://dev.gnupg.org/T5328"
    },
    {
      "type": "WEB",
      "url": "https://dev.gnupg.org/T5466"
    },
    {
      "type": "WEB",
      "url": "https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-13"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GC7R-MR2H-CG8H

Vulnerability from github – Published: 2024-11-19 21:31 – Updated: 2024-11-20 18:32
VLAI
Details

In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T20:15:27Z",
    "severity": "HIGH"
  },
  "details": "In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.",
  "id": "GHSA-gc7r-mr2h-cg8h",
  "modified": "2024-11-20T18:32:16Z",
  "published": "2024-11-19T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9364"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GC93-42JM-WCM5

Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-06 18:30
VLAI
Details

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-30T17:15:49Z",
    "severity": "MODERATE"
  },
  "details": "In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-gc93-42jm-wcm5",
  "modified": "2023-11-06T18:30:18Z",
  "published": "2023-10-30T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21325"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/android-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCG5-86JR-F7JG

Vulnerability from github – Published: 2026-05-07 00:03 – Updated: 2026-05-08 21:47
VLAI
Summary
Weblate Vulnerable to Private Translation Enumeration via Screenshot API
Details

Impact

The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user.

Patches

  • https://github.com/WeblateOrg/weblate/pull/19258

Acknowledgement

Weblate thanks Luay for reporting this vulnerability according to the organization's security issues guideline.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "weblate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.17.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-07T00:03:50Z",
    "nvd_published_at": "2026-05-07T15:16:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user.\n\n### Patches\n* https://github.com/WeblateOrg/weblate/pull/19258\n\n### Acknowledgement\nWeblate thanks Luay for reporting this vulnerability according to the organization\u0027s [security issues guideline](https://docs.weblate.org/en/latest/security/issues.html).",
  "id": "GHSA-gcg5-86jr-f7jg",
  "modified": "2026-05-08T21:47:47Z",
  "published": "2026-05-07T00:03:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44263"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/pull/19258"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WeblateOrg/weblate"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weblate Vulnerable to Private Translation Enumeration via Screenshot API"
}

GHSA-GF86-2HWM-RMXM

Vulnerability from github – Published: 2024-06-16 18:31 – Updated: 2024-08-07 18:30
VLAI
Details

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38465"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-16T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.",
  "id": "GHSA-gf86-2hwm-rmxm",
  "modified": "2024-08-07T18:30:40Z",
  "published": "2024-06-16T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38465"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.