Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-4W46-W44M-3JQ3

Vulnerability from github – Published: 2020-12-28 16:33 – Updated: 2021-01-07 22:32
VLAI
Summary
Parse Server stores password in plain text
Details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26288"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-28T16:32:50Z",
    "nvd_published_at": "2020-12-30T20:15:00Z",
    "severity": "LOW"
  },
  "details": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.\nIn Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext.\nThis is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.",
  "id": "GHSA-4w46-w44m-3jq3",
  "modified": "2021-01-07T22:32:25Z",
  "published": "2020-12-28T16:33:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26288"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/releases/tag/4.5.0"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1593"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/parse-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Parse Server stores password in plain text"
}

GHSA-4WW8-FPRQ-CQ34

Vulnerability from github – Published: 2024-08-22 09:30 – Updated: 2024-08-23 21:17
VLAI
Summary
Mattermost doesn't redact remote users' original email addresses
Details

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.9.0"
            },
            {
              "fixed": "9.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.5.0"
            },
            {
              "fixed": "9.5.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.10.0"
            },
            {
              "fixed": "9.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/mattermost/mattermost/server/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.8.0"
            },
            {
              "fixed": "9.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-23T21:17:12Z",
    "nvd_published_at": "2024-08-22T07:15:03Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost versions 9.9.x \u003c= 9.9.1, 9.5.x \u003c= 9.5.7, 9.10.x \u003c= 9.10.0, 9.8.x \u003c= 9.8.2, when shared channels are enabled, fail to redact remote users\u0027 original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server.",
  "id": "GHSA-4ww8-fprq-cq34",
  "modified": "2024-08-23T21:17:12Z",
  "published": "2024-08-22T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32939"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mattermost/mattermost"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Mattermost doesn\u0027t redact remote users\u0027 original email addresses"
}

GHSA-4WX5-C723-XVWV

Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2022-12-16 23:00
VLAI
Summary
Credentials stored in plain text by Jenkins Copr Plugin
Details

Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files as part of its configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Copr Plugin 0.6.1 stores these credentials encrypted. This change is effective once the job configuration is saved the next time.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.fedoraproject.jenkins.plugins:copr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-16T23:00:33Z",
    "nvd_published_at": "2020-04-16T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Copr Plugin 0.3 and earlier stores credentials unencrypted in job `config.xml` files as part of its configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.\n\nCopr Plugin 0.6.1 stores these credentials encrypted. This change is effective once the job configuration is saved the next time.",
  "id": "GHSA-4wx5-c723-xvwv",
  "modified": "2022-12-16T23:00:33Z",
  "published": "2022-05-24T17:15:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/copr-plugin/commit/23ea581364d64645cd90d2c5d97a4b94781f61f9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/copr-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1556"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/04/16/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Credentials stored in plain text by Jenkins Copr Plugin"
}

GHSA-4X65-4FJX-R7M6

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-03 20:39
VLAI
Summary
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Details

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:github-pr-coverage-status"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T01:03:17Z",
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.",
  "id": "GHSA-4x65-4fjx-r7m6",
  "modified": "2023-02-03T20:39:15Z",
  "published": "2023-01-26T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24442"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin"
}

GHSA-4X99-8PJ6-G63H

Vulnerability from github – Published: 2023-08-31 03:30 – Updated: 2024-04-04 07:18
VLAI
Details

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-31T01:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Brocade\n SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords\n in plaintext. A privileged user could retrieve these credentials with \nknowledge and access to these log files. SNMP \ncredentials could be seen in SANnav SupportSave if the capture is \nperformed after an SNMP configuration failure causes an SNMP \ncommunication log dump.\n\n\n",
  "id": "GHSA-4x99-8pj6-g63h",
  "modified": "2024-04-04T07:18:19Z",
  "published": "2023-08-31T03:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31925"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22506"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4XHV-QC2F-6267

Vulnerability from github – Published: 2024-06-29 21:30 – Updated: 2024-11-25 21:30
VLAI
Details

NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-29T21:15:09Z",
    "severity": "LOW"
  },
  "details": "NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.",
  "id": "GHSA-4xhv-qc2f-6267",
  "modified": "2024-11-25T21:30:48Z",
  "published": "2024-06-29T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39846"
    },
    {
      "type": "WEB",
      "url": "https://github.com/6eero/NewPass/commit/13f0a844d64927450fa751deb7cc06beba699720"
    },
    {
      "type": "WEB",
      "url": "https://github.com/6eero/NewPass/releases/tag/v1.2.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4XQV-47RM-37MM

Vulnerability from github – Published: 2024-10-02 19:29 – Updated: 2024-11-13 23:24
VLAI
Summary
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Details

Summary

OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128).

Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition

Impact

This issue may lead to Information Disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "openc3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.19.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openc3/tool-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.19.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "openc3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.19.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-02T19:29:35Z",
    "nvd_published_at": "2024-10-02T20:15:11Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nOpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128).\n\nNote: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition\n\n### Impact\nThis issue may lead to Information Disclosure.",
  "id": "GHSA-4xqv-47rm-37mm",
  "modified": "2024-11-13T23:24:16Z",
  "published": "2024-10-02T19:29:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47529"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenC3/cosmos/commit/b5ab34fe7fa54c0c8171c4aa3caf4e03d6f63bd7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenC3/cosmos"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/openc3/PYSEC-2024-121.yaml"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenC3 stores passwords in clear text (`GHSL-2024-129`)"
}

GHSA-52G9-8355-62QV

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2023-12-31 15:30
VLAI
Details

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-18T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice\u0027s default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.",
  "id": "GHSA-52g9-8355-62qv",
  "modified": "2023-12-31T15:30:24Z",
  "published": "2022-05-24T17:18:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12801"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00011.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-53G5-CHM2-F34R

Vulnerability from github – Published: 2024-03-25 15:30 – Updated: 2024-08-01 21:31
VLAI
Details

An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T14:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.",
  "id": "GHSA-53g5-chm2-f34r",
  "modified": "2024-08-01T21:31:39Z",
  "published": "2024-03-25T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28387"
    },
    {
      "type": "WEB",
      "url": "https://axonaut.com/integration/detail/prestashop"
    },
    {
      "type": "WEB",
      "url": "https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-544J-92PR-W749

Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20
VLAI
Details

IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-16T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.",
  "id": "GHSA-544j-92pr-w749",
  "modified": "2022-05-24T19:20:48Z",
  "published": "2022-05-24T19:20:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38949"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211403"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6516424"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.