CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
CVE-2023-25956 (GCVE-0-2023-25956)
Vulnerability from cvelistv5 – Published: 2023-02-24 11:48 – Updated: 2024-10-23 16:44
VLAI
Title
Apache Airflow AWS Provider: Arbitrary file read via AWS provider
Summary
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.
This issue affects Apache Airflow AWS Provider versions before 7.2.1.
Severity
No CVSS data available.
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/apache/airflow/pull/29587 | patch |
| https://lists.apache.org/thread/07pl9y4gdpw2c6rzq… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow AWS Provider |
Affected:
0 , < 7.2.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/airflow/pull/29587"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:apache-airflow-providers-amazon:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache-airflow-providers-amazon",
"vendor": "apache",
"versions": [
{
"lessThan": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T16:43:26.908971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T16:44:57.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Airflow AWS Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Using the \"AWS\" Provider for Apache Airflow\u003cbr\u003e"
}
],
"value": "Using the \"AWS\" Provider for Apache Airflow\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Son Tran from VNPT - VCI"
},
{
"lang": "en",
"type": "finder",
"value": "kuteminh11"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Airflow AWS Provider versions before 7.2.1.\u003c/p\u003e"
}
],
"value": "Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.\n\nThis issue affects Apache Airflow AWS Provider versions before 7.2.1.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T08:23:44.307Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/29587"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gv"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow AWS Provider: Arbitrary file read via AWS provider",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-25956",
"datePublished": "2023-02-24T11:48:33.110Z",
"dateReserved": "2023-02-17T10:12:03.880Z",
"dateUpdated": "2024-10-23T16:44:57.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26051 (GCVE-0-2023-26051)
Vulnerability from cvelistv5 – Published: 2023-03-02 18:29 – Updated: 2025-03-05 20:41
VLAI
Title
Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions
Summary
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.
Severity
6.5 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/saleor/saleor/security/advisor… | x_refsource_CONFIRM |
| https://github.com/saleor/saleor/commit/31bce881c… | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.1.48 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.10.14 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.11.12 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.7.59 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.8.30 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.9.27 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85"
},
{
"name": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T20:41:09.751361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T20:41:26.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "saleor",
"vendor": "saleor",
"versions": [
{
"status": "affected",
"version": " \u003e= 2.0.0, \u003c 3.1.48"
},
{
"status": "affected",
"version": "\u003e= 3.11.0, \u003c 3.11.12"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.14"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.27"
},
{
"status": "affected",
"version": "\u003e= 3.8.0, \u003c 3.8.30"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T18:29:48.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85"
},
{
"name": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
}
],
"source": {
"advisory": "GHSA-r8qr-wwg3-2r85",
"discovery": "UNKNOWN"
},
"title": "Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26051",
"datePublished": "2023-03-02T18:29:48.611Z",
"dateReserved": "2023-02-17T22:44:03.150Z",
"dateUpdated": "2025-03-05T20:41:26.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26052 (GCVE-0-2023-26052)
Vulnerability from cvelistv5 – Published: 2023-03-02 18:54 – Updated: 2025-03-05 16:10
VLAI
Title
Saleor is vulnerable to unauthenticated information disclosure via Python exceptions
Summary
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.
Severity
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/saleor/saleor/security/advisor… | x_refsource_CONFIRM |
| https://github.com/saleor/saleor/releases/tag/3.1.48 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.10.14 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.11.12 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.7.59 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.8.30 | x_refsource_MISC |
| https://github.com/saleor/saleor/releases/tag/3.9.27 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:10:39.389638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:10:59.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "saleor",
"vendor": "saleor",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 3.1.48"
},
{
"status": "affected",
"version": "\u003e= 3.11.0, \u003c 3.11.12"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.14"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.27"
},
{
"status": "affected",
"version": "\u003e= 3.8.0, \u003c 3.8.30"
},
{
"status": "affected",
"version": "\u003e= 3.7.0, \u003c 3.7.59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T18:54:33.030Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.1.48",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.1.48"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.10.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.10.14"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.11.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.11.12"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.7.59",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.7.59"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.8.30",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.8.30"
},
{
"name": "https://github.com/saleor/saleor/releases/tag/3.9.27",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/releases/tag/3.9.27"
}
],
"source": {
"advisory": "GHSA-3hvj-3cg9-v242",
"discovery": "UNKNOWN"
},
"title": "Saleor is vulnerable to unauthenticated information disclosure via Python exceptions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26052",
"datePublished": "2023-03-02T18:54:33.030Z",
"dateReserved": "2023-02-17T22:44:03.150Z",
"dateUpdated": "2025-03-05T16:10:59.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26272 (GCVE-0-2023-26272)
Vulnerability from cvelistv5 – Published: 2023-08-28 00:05 – Updated: 2024-10-02 13:54
VLAI
Title
IBM Security Guardium Data Encryption information disclosure
Summary
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
Severity
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6995161 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Guardium Cloud Key Manager |
Affected:
1.10.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6995161"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248133"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:54:00.963404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:54:15.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardium Cloud Key Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133."
}
],
"value": "IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T00:05:48.844Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6995161"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248133"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security Guardium Data Encryption information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-26272",
"datePublished": "2023-08-28T00:05:48.844Z",
"dateReserved": "2023-02-21T13:55:23.669Z",
"dateUpdated": "2024-10-02T13:54:15.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27319 (GCVE-0-2023-27319)
Vulnerability from cvelistv5 – Published: 2023-12-21 21:15 – Updated: 2024-08-02 12:09
VLAI
Title
CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
Summary
ONTAP Mediator versions prior to 1.7 are susceptible to a
vulnerability that can allow an unauthenticated attacker to enumerate
URLs via REST API.
Severity
5.3 (Medium)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetApp | ONTAP Mediator |
Affected:
0 , < 1.7
(1.7)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ONTAP Mediator",
"vendor": "NetApp",
"versions": [
{
"lessThan": "1.7",
"status": "affected",
"version": "0",
"versionType": "1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
}
],
"value": "ONTAP Mediator versions prior to 1.7 are susceptible to a \nvulnerability that can allow an unauthenticated attacker to enumerate \nURLs via REST API.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T21:15:51.018Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0011/"
}
],
"source": {
"advisory": "NTAP-20231221-0011",
"discovery": "UNKNOWN"
},
"title": " CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2023-27319",
"datePublished": "2023-12-21T21:15:51.018Z",
"dateReserved": "2023-02-28T17:20:57.462Z",
"dateUpdated": "2024-08-02T12:09:43.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27587 (GCVE-0-2023-27587)
Vulnerability from cvelistv5 – Published: 2023-03-13 00:00 – Updated: 2025-02-25 14:58
VLAI
Summary
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.
Severity
7.4 (High)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rozbb | readtomyshoe |
Affected:
<= 0.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rozbb/readtomyshoe/commit/8533b01c818939a0fa919c7244d8dbf5daf032af"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:49.275990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:58:42.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "readtomyshoe",
"vendor": "rozbb",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g"
},
{
"url": "https://github.com/rozbb/readtomyshoe/commit/8533b01c818939a0fa919c7244d8dbf5daf032af"
}
],
"source": {
"advisory": "GHSA-23g5-r34j-mr8g",
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27587",
"datePublished": "2023-03-13T00:00:00.000Z",
"dateReserved": "2023-03-04T00:00:00.000Z",
"dateUpdated": "2025-02-25T14:58:42.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27860 (GCVE-0-2023-27860)
Vulnerability from cvelistv5 – Published: 2023-04-27 18:59 – Updated: 2025-01-30 20:48
VLAI
Title
IBM Maximo Asset Management information disclosure
Summary
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.
Severity
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6985679 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Maximo Asset Management |
Affected:
7.6.1.2, 7.6.1.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6985679"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:48:47.089441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:48:54.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1.2, 7.6.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207."
}
],
"value": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T18:59:24.744Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6985679"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249207"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Maximo Asset Management information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-27860",
"datePublished": "2023-04-27T18:59:24.744Z",
"dateReserved": "2023-03-06T20:01:41.707Z",
"dateUpdated": "2025-01-30T20:48:54.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28117 (GCVE-0-2023-28117)
Vulnerability from cvelistv5 – Published: 2023-03-22 19:37 – Updated: 2025-02-25 14:51
VLAI
Title
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Summary
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.
In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names.
As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.
Severity
7.6 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/getsentry/sentry-python/securi… | x_refsource_CONFIRM |
| https://github.com/getsentry/sentry-python/pull/1842 | x_refsource_MISC |
| https://github.com/getsentry/sentry-python/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getsentry | sentry-python |
Affected:
< 1.14.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm"
},
{
"name": "https://github.com/getsentry/sentry-python/pull/1842",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getsentry/sentry-python/pull/1842"
},
{
"name": "https://github.com/getsentry/sentry-python/releases/tag/1.14.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getsentry/sentry-python/releases/tag/1.14.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:28:20.007764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:51:37.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sentry-python",
"vendor": "getsentry",
"versions": [
{
"status": "affected",
"version": "\u003c 1.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.\n\nIn order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one\u0027s Django settings; and one must not be configured in one\u0027s organization or project settings to use Sentry\u0027s data scrubbing features to account for the custom cookie names.\n\nAs of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one\u0027s Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK\u0027s filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry\u0027s advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T19:37:18.748Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm"
},
{
"name": "https://github.com/getsentry/sentry-python/pull/1842",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getsentry/sentry-python/pull/1842"
},
{
"name": "https://github.com/getsentry/sentry-python/releases/tag/1.14.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getsentry/sentry-python/releases/tag/1.14.0"
}
],
"source": {
"advisory": "GHSA-29pr-6jr8-q5jm",
"discovery": "UNKNOWN"
},
"title": "Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28117",
"datePublished": "2023-03-22T19:37:18.748Z",
"dateReserved": "2023-03-10T18:34:29.228Z",
"dateUpdated": "2025-02-25T14:51:37.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28514 (GCVE-0-2023-28514)
Vulnerability from cvelistv5 – Published: 2023-05-19 14:43 – Updated: 2025-02-12 16:45
VLAI
Title
IBM MQ information disclosure
Summary
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
Severity
6.2 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6985835 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6985835"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T18:16:45.761049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:45:31.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MQ",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0, 9.0 LTS, 9.0 CD, 9.1 LTS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398."
}
],
"value": "IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-19T14:43:45.786Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6985835"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250398"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-28514",
"datePublished": "2023-05-19T14:43:45.786Z",
"dateReserved": "2023-03-16T21:05:38.974Z",
"dateUpdated": "2025-02-12T16:45:31.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29193 (GCVE-0-2023-29193)
Vulnerability from cvelistv5 – Published: 2023-04-14 19:01 – Updated: 2025-02-06 18:42
VLAI
Title
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
Summary
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service (defaulting running on port `9090`) reveals the command-line flags provided for debugging purposes. If a password is set via the `--grpc-preshared-key` then the key is revealed by this endpoint along with any other flags provided to the SpiceDB binary. This issue has been fixed in version 1.19.1.
### Impact
All deployments abiding by the recommended best practices for production usage are **NOT affected**:
- Authzed's SpiceDB Serverless
- Authzed's SpiceDB Dedicated
- SpiceDB Operator
Users configuring SpiceDB via environment variables are **NOT affected**.
Users **MAY be affected** if they expose their metrics port to an untrusted network and are configuring `--grpc-preshared-key` via command-line flag.
### Patches
TODO
### Workarounds
To workaround this issue you can do one of the following:
- Configure the preshared key via an environment variable (e.g. `SPICEDB_GRPC_PRESHARED_KEY=yoursecret spicedb serve`)
- Reconfigure the `--metrics-addr` flag to bind to a trusted network (e.g. `--metrics-addr=localhost:9090`)
- Disable the metrics service via the flag (e.g. `--metrics-enabled=false`)
- Adopt one of the recommended deployment models: [Authzed's managed services](https://authzed.com/pricing) or the [SpiceDB Operator](https://github.com/authzed/spicedb-operator)
### References
- [GitHub Security Advisory issued for SpiceDB](https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6)
- [Go issue #22085](https://github.com/golang/go/issues/22085) for documenting the risks of exposing pprof to the internet
- [Go issue #42834](https://github.com/golang/go/issues/42834) discusses preventing pprof registration to the default serve mux
- [semgrep rule go.lang.security.audit.net.pprof.pprof-debug-exposure](https://semgrep.dev/r?q=go.lang.security.audit.net.pprof) checks for a variation of this issue
### Credit
We'd like to thank Amit Laish, a security researcher at GE Vernova for responsibly disclosing this vulnerability.
Severity
8.7 (High)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/authzed/spicedb/security/advis… | x_refsource_CONFIRM |
| https://github.com/authzed/spicedb/commit/9bbd7d7… | x_refsource_MISC |
| https://github.com/authzed/spicedb/releases/tag/v1.19.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6"
},
{
"name": "https://github.com/authzed/spicedb/commit/9bbd7d76b6eaba33fe0236014f9b175d21232999",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/commit/9bbd7d76b6eaba33fe0236014f9b175d21232999"
},
{
"name": "https://github.com/authzed/spicedb/releases/tag/v1.19.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/authzed/spicedb/releases/tag/v1.19.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T18:42:06.218010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T18:42:12.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spicedb",
"vendor": "authzed",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service (defaulting running on port `9090`) reveals the command-line flags provided for debugging purposes. If a password is set via the `--grpc-preshared-key` then the key is revealed by this endpoint along with any other flags provided to the SpiceDB binary. This issue has been fixed in version 1.19.1.\n\n### Impact\n\nAll deployments abiding by the recommended best practices for production usage are **NOT affected**:\n- Authzed\u0027s SpiceDB Serverless\n- Authzed\u0027s SpiceDB Dedicated\n- SpiceDB Operator\n\nUsers configuring SpiceDB via environment variables are **NOT affected**.\n\nUsers **MAY be affected** if they expose their metrics port to an untrusted network and are configuring `--grpc-preshared-key` via command-line flag.\n\n### Patches\n\nTODO\n\n### Workarounds\n\nTo workaround this issue you can do one of the following:\n\n- Configure the preshared key via an environment variable (e.g. `SPICEDB_GRPC_PRESHARED_KEY=yoursecret spicedb serve`)\n- Reconfigure the `--metrics-addr` flag to bind to a trusted network (e.g. `--metrics-addr=localhost:9090`)\n- Disable the metrics service via the flag (e.g. `--metrics-enabled=false`)\n- Adopt one of the recommended deployment models: [Authzed\u0027s managed services](https://authzed.com/pricing) or the [SpiceDB Operator](https://github.com/authzed/spicedb-operator)\n\n### References\n\n- [GitHub Security Advisory issued for SpiceDB](https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6)\n- [Go issue #22085](https://github.com/golang/go/issues/22085) for documenting the risks of exposing pprof to the internet\n- [Go issue #42834](https://github.com/golang/go/issues/42834) discusses preventing pprof registration to the default serve mux\n- [semgrep rule go.lang.security.audit.net.pprof.pprof-debug-exposure](https://semgrep.dev/r?q=go.lang.security.audit.net.pprof) checks for a variation of this issue\n\n### Credit\n\nWe\u0027d like to thank Amit Laish, a security researcher at GE Vernova for responsibly disclosing this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-14T19:01:01.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6"
},
{
"name": "https://github.com/authzed/spicedb/commit/9bbd7d76b6eaba33fe0236014f9b175d21232999",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/commit/9bbd7d76b6eaba33fe0236014f9b175d21232999"
},
{
"name": "https://github.com/authzed/spicedb/releases/tag/v1.19.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authzed/spicedb/releases/tag/v1.19.1"
}
],
"source": {
"advisory": "GHSA-cjr9-mr35-7xh6",
"discovery": "UNKNOWN"
},
"title": "SpiceDB binding metrics port to untrusted networks and can leak command-line flags"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29193",
"datePublished": "2023-04-14T19:01:01.317Z",
"dateReserved": "2023-04-03T13:37:18.453Z",
"dateUpdated": "2025-02-06T18:42:12.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-39
Phase: Implementation
Description:
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
Mitigation
Phase: Implementation
Description:
- Handle exceptions internally and do not display errors containing potentially sensitive information to a user.
Mitigation ID: MIT-33
Phase: Implementation
Strategy: Attack Surface Reduction
Description:
- Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
Mitigation ID: MIT-40
Phases: Implementation, Build and Compilation
Strategy: Compilation or Build Hardening
Description:
- Debugging information should not make its way into a production release.
Mitigation ID: MIT-40
Phases: Implementation, Build and Compilation
Strategy: Environment Hardening
Description:
- Debugging information should not make its way into a production release.
Mitigation
Phase: System Configuration
Description:
- Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function.
Mitigation
Phase: System Configuration
Description:
- Create default error pages or messages that do not leak any information.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-54: Query System for Information
An adversary, aware of an application's location (and possibly authorized to use the application), probes an application's structure and evaluates its robustness by submitting requests and examining responses. Often, this is accomplished by sending variants of expected queries in the hope that these modified queries might return information beyond what the expected set of queries would provide.
CAPEC-7: Blind SQL Injection
Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.