CWE-312
AllowedCleartext Storage of Sensitive Information
Abstraction: Base · Status: Draft
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
1017 vulnerabilities reference this CWE, most recent first.
GHSA-7F64-HFXQ-83H4
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.
{
"affected": [],
"aliases": [
"CVE-2018-19009"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-25T20:29:00Z",
"severity": "HIGH"
},
"details": "Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker with access to this sensitive data and physical access to the PMI m107 diag can modify data on the HMI device.",
"id": "GHSA-7f64-hfxq-83h4",
"modified": "2022-05-13T01:16:11Z",
"published": "2022-05-13T01:16:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19009"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-010-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106529"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7F94-WGHQ-3RP7
Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-02-02 00:02Charactell - FormStorm Enterprise Account takeover – An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.
{
"affected": [],
"aliases": [
"CVE-2022-22789"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T20:15:00Z",
"severity": "HIGH"
},
"details": "Charactell - FormStorm Enterprise Account takeover \u2013 An attacker can modify (add, remove and update) passwords file for all the users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. Malicious user can take over an account by replacing existing password in the file.",
"id": "GHSA-7f94-wghq-3rp7",
"modified": "2022-02-02T00:02:02Z",
"published": "2022-01-26T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22789"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7G9P-CVCV-XGP8
Vulnerability from github – Published: 2022-02-25 00:00 – Updated: 2025-04-17 21:30Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.
{
"affected": [],
"aliases": [
"CVE-2020-14480"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-24T19:15:00Z",
"severity": "MODERATE"
},
"details": "Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.",
"id": "GHSA-7g9p-cvcv-xgp8",
"modified": "2025-04-17T21:30:37Z",
"published": "2022-02-25T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14480"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7GGP-FC92-X5M6
Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2022-01-12 00:02Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
{
"affected": [],
"aliases": [
"CVE-2021-20171"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-30T22:15:00Z",
"severity": "MODERATE"
},
"details": "Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device\u0027s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.",
"id": "GHSA-7ggp-fc92-x5m6",
"modified": "2022-01-12T00:02:08Z",
"published": "2021-12-31T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20171"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2021-55"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7GM3-HGJ4-PGXQ
Vulnerability from github – Published: 2025-07-16 12:30 – Updated: 2025-07-16 12:30This vulnerability exists in Digisol DG-GR6821AC Router due to storage of credentials and PINS without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted data stored in the firmware of targeted device.
Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the network of the targeted device.
{
"affected": [],
"aliases": [
"CVE-2025-53755"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-16T12:15:30Z",
"severity": "MODERATE"
},
"details": "This vulnerability exists in Digisol DG-GR6821AC Router due to storage of credentials and PINS without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted data stored in the firmware of targeted device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the network of the targeted device.",
"id": "GHSA-7gm3-hgj4-pgxq",
"modified": "2025-07-16T12:30:27Z",
"published": "2025-07-16T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53755"
},
{
"type": "WEB",
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0147"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7HH5-PRP2-MFH5
Vulnerability from github – Published: 2026-05-21 17:42 – Updated: 2026-05-21 17:42Summary
Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable, which is returned in plaintext by SageMaker describe APIs.
Impact
When using ModelBuilder to build and deploy models with affected model servers (TorchServe, Multi-Model Server, TensorFlow Serving, SMD, or Triton), the SDK generates an HMAC secret key for model artifact integrity verification and stores it as the SAGEMAKER_SERVE_SECRET_KEY environment variable in the SageMaker model container configuration. This environment variable is returned in plaintext by the DescribeModel, DescribeEndpointConfig, and DescribeModelPackage APIs. A remote authenticated actor with permissions to call these describe APIs and S3 write access to the model artifact path could extract the key, forge valid integrity signatures for specially crafted model artifacts, and achieve code execution in inference containers with the SageMaker execution role's IAM permissions.
Impacted versions: >= v2.199.0 AND <= v2.257.1, >= v3.0.0 AND <= v3.7.1
Patches
This issue has been addressed in Amazon SageMaker Python SDK v2.257.2 and v3.8.0. AWS recommend upgrading to the latest version and rebuilding any models previously created with ModelBuilder using the updated SDK. Models created with affected versions may still have the HMAC key stored in their container environment variables until they are rebuilt with the patched SDK. Ensure any forked or derivative code is patched to incorporate the new fixes.
Workarounds
If upgrading is not immediately possible, users can manually remove the SAGEMAKER_SERVE_SECRET_KEY environment variable from existing SageMaker models by recreating the model without this variable in the container environment configuration.
References
If there any questions or comments about this advisory, contact AWS Security via the vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.257.1"
},
"package": {
"ecosystem": "PyPI",
"name": "sagemaker"
},
"ranges": [
{
"events": [
{
"introduced": "2.199.0"
},
{
"fixed": "2.257.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.7.1"
},
"package": {
"ecosystem": "PyPI",
"name": "sagemaker"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-8596"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-21T17:42:40Z",
"nvd_published_at": "2026-05-14T20:17:21Z",
"severity": "HIGH"
},
"details": "## Summary\nAmazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable, which is returned in plaintext by SageMaker describe APIs.\n\n## Impact\nWhen using ModelBuilder to build and deploy models with affected model servers (TorchServe, Multi-Model Server, TensorFlow Serving, SMD, or Triton), the SDK generates an HMAC secret key for model artifact integrity verification and stores it as the SAGEMAKER_SERVE_SECRET_KEY environment variable in the SageMaker model container configuration. This environment variable is returned in plaintext by the DescribeModel, DescribeEndpointConfig, and DescribeModelPackage APIs. A remote authenticated actor with permissions to call these describe APIs and S3 write access to the model artifact path could extract the key, forge valid integrity signatures for specially crafted model artifacts, and achieve code execution in inference containers with the SageMaker execution role\u0027s IAM permissions.\n\n**Impacted versions:** \u003e= v2.199.0 AND \u003c= v2.257.1, \u003e= v3.0.0 AND \u003c= v3.7.1\n\n## Patches\nThis issue has been addressed in Amazon SageMaker Python SDK v2.257.2 and v3.8.0. AWS recommend upgrading to the latest version and rebuilding any models previously created with ModelBuilder using the updated SDK. Models created with affected versions may still have the HMAC key stored in their container environment variables until they are rebuilt with the patched SDK. Ensure any forked or derivative code is patched to incorporate the new fixes.\n\n## Workarounds\nIf upgrading is not immediately possible, users can manually remove the SAGEMAKER_SERVE_SECRET_KEY environment variable from existing SageMaker models by recreating the model without this variable in the container environment configuration.\n\n## References\nIf there any questions or comments about this advisory, contact AWS Security via the [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.",
"id": "GHSA-7hh5-prp2-mfh5",
"modified": "2026-05-21T17:42:40Z",
"published": "2026-05-21T17:42:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7hh5-prp2-mfh5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8596"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/2026-031-aws"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/sagemaker-python-sdk"
},
{
"type": "WEB",
"url": "https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.257.2"
},
{
"type": "WEB",
"url": "https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.8.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path"
}
GHSA-7HP3-5W4X-8F7C
Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2023-10-27 15:46Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.
As of publication of this advisory there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.soasta.jenkins:cloudtest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.25"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10451"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-27T15:46:33Z",
"nvd_published_at": "2019-10-16T14:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file `com.soasta.jenkins.CloudTestServer.xml` on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.\n\nAs of publication of this advisory there is no fix.",
"id": "GHSA-7hp3-5w4x-8f7c",
"modified": "2023-10-27T15:46:33Z",
"published": "2022-05-24T16:58:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10451"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1439"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins SOASTA CloudTest Plugin stores API token in plain text"
}
GHSA-7J38-84H7-4XCV
Vulnerability from github – Published: 2025-05-29 21:31 – Updated: 2025-05-29 21:31Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-32752"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T19:15:27Z",
"severity": "MODERATE"
},
"details": "Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.",
"id": "GHSA-7j38-84h7-4xcv",
"modified": "2025-05-29T21:31:37Z",
"published": "2025-05-29T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32752"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7JWV-QG8R-CQPF
Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-04-04 06:17Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.
{
"affected": [],
"aliases": [
"CVE-2023-32447"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-20T13:15:11Z",
"severity": "MODERATE"
},
"details": "\nDell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.\n\n",
"id": "GHSA-7jwv-qg8r-cqpf",
"modified": "2024-04-04T06:17:46Z",
"published": "2023-07-20T18:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32447"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000215864/dsa-2023-247"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7M3V-93H9-W27H
Vulnerability from github – Published: 2024-03-09 06:30 – Updated: 2024-08-27 00:31An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component.
{
"affected": [],
"aliases": [
"CVE-2023-49341"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-09T05:15:08Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component.",
"id": "GHSA-7m3v-93h9-w27h",
"modified": "2024-08-27T00:31:32Z",
"published": "2024-03-09T06:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49341"
},
{
"type": "WEB",
"url": "https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-49341"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.