CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2024-41691 (GCVE-0-2024-41691)
Vulnerability from cvelistv5 – Published: 2024-07-26 12:06 – Updated: 2024-08-05 10:24
VLAI
Title
Insecure Storage of Sensitive Information Vulnerability
Summary
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system.
Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SyroTech | SyroTech SY-GPON-1110-WDONT router |
Affected:
3.1.02-231102
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0225"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T13:39:14.763756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:12.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SyroTech SY-GPON-1110-WDONT router",
"vendor": "SyroTech",
"versions": [
{
"status": "affected",
"version": "3.1.02-231102"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "These vulnerabilities are discovered by Shravan Singh, Rahul Giri, \u0026 Karan Patel from Redfox Cyber Security Inc, Toronto, Canada."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router\u0027s firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router\u0027s firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext FTP credentials from the vulnerable system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:49:45.454Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0225"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade SyroTech SY-GPON-1110-WDONT Router firmware to patched version 3.1.02-240517\u003cbr\u003e\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://drive.google.com/file/d/1JQc3AkJm69mV0kg2c-b-zzaojc87Rru9/view\"\u003ehttp://drive.google.com/file/d/1JQc3AkJm69mV0kg2c-b-zzaojc87Rru9/view\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Upgrade SyroTech SY-GPON-1110-WDONT Router firmware to patched version 3.1.02-240517\n\n http://drive.google.com/file/d/1JQc3AkJm69mV0kg2c-b-zzaojc87Rru9/view"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Storage of Sensitive Information Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2024-41691",
"datePublished": "2024-07-26T12:06:39.053Z",
"dateReserved": "2024-07-19T11:24:20.421Z",
"dateUpdated": "2024-08-05T10:24:12.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4235 (GCVE-0-2024-4235)
Vulnerability from cvelistv5 – Published: 2024-04-26 17:31 – Updated: 2024-08-01 20:33
VLAI
Title
Netgear DG834Gv5 Web Management Interface cleartext storage
Summary
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.262126 | vdb-entry |
| https://vuldb.com/?ctiid.262126 | signaturepermissions-required |
| https://vuldb.com/?submit.319148 | third-party-advisory |
| https://netsecfish.notion.site/Netgear-DG834Gv5-P… | exploit |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:netgear:dg834gv5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dg834gv5",
"vendor": "netgear",
"versions": [
{
"status": "affected",
"version": "1.6.01.34"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T21:04:22.722401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:21.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-262126 | Netgear DG834Gv5 Web Management Interface cleartext storage",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.262126"
},
{
"name": "VDB-262126 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.262126"
},
{
"name": "Submit #319148 | Netgear DG834Gv5 Router V6.00.25, V1.6.01.34 Unprotected Storage of Credentials",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.319148"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://netsecfish.notion.site/Netgear-DG834Gv5-Plain-Text-Credentials-Exposure-22e94fe066014490bebd349775d10b27?pvs=4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "DG834Gv5",
"vendor": "Netgear",
"versions": [
{
"status": "affected",
"version": "1.6.01.34"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "netsecfish (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Netgear DG834Gv5 1.6.01.34 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine cleartext storage of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T17:31:07.743Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-262126 | Netgear DG834Gv5 Web Management Interface cleartext storage",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.262126"
},
{
"name": "VDB-262126 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.262126"
},
{
"name": "Submit #319148 | Netgear DG834Gv5 Router V6.00.25, V1.6.01.34 Unprotected Storage of Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.319148"
},
{
"tags": [
"exploit"
],
"url": "https://netsecfish.notion.site/Netgear-DG834Gv5-Plain-Text-Credentials-Exposure-22e94fe066014490bebd349775d10b27?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-26T14:30:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netgear DG834Gv5 Web Management Interface cleartext storage"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-4235",
"datePublished": "2024-04-26T17:31:07.743Z",
"dateReserved": "2024-04-26T12:25:39.441Z",
"dateUpdated": "2024-08-01T20:33:52.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4540 (GCVE-0-2024-4540)
Vulnerability from cvelistv5 – Published: 2024-06-03 15:33 – Updated: 2026-03-26 23:13
VLAI
Title
Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie
Summary
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.
Severity
7.5 (High)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:3566 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3567 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3568 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3570 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3572 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3573 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3574 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3575 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:3576 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-4540 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2279303 | issue-trackingx_refsource_REDHAT |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Unaffected:
d5e82356f90893ca3b308a7e10020103e402369a , < *
(git)
|
|||
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak:22 |
|
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak:22 |
|
| Red Hat | Red Hat build of Keycloak 22 |
Unaffected:
22.0.11-2 , < *
(rpm)
cpe:/a:redhat:build_keycloak:22::el9 |
|
| Red Hat | Red Hat build of Keycloak 22 |
Unaffected:
22-15 , < *
(rpm)
cpe:/a:redhat:build_keycloak:22::el9 |
|
| Red Hat | Red Hat build of Keycloak 22 |
Unaffected:
22-18 , < *
(rpm)
cpe:/a:redhat:build_keycloak:22::el9 |
|
| Red Hat | Red Hat build of Keycloak 24 |
Unaffected:
24.0.5-2 , < *
(rpm)
cpe:/a:redhat:build_keycloak:24::el9 |
|
| Red Hat | Red Hat build of Keycloak 24 |
Unaffected:
24-10 , < *
(rpm)
cpe:/a:redhat:build_keycloak:24::el9 |
|
| Red Hat | Red Hat build of Keycloak 24 |
Unaffected:
24-10 , < *
(rpm)
cpe:/a:redhat:build_keycloak:24::el9 |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7.6 |
|
| Red Hat | Red Hat Single Sign-On 7.6 for RHEL 7 |
Unaffected:
0:18.0.14-1.redhat_00001.1.el7sso , < *
(rpm)
cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 |
|
| Red Hat | Red Hat Single Sign-On 7.6 for RHEL 8 |
Unaffected:
0:18.0.14-1.redhat_00001.1.el8sso , < *
(rpm)
cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 |
|
| Red Hat | Red Hat Single Sign-On 7.6 for RHEL 9 |
Unaffected:
0:18.0.14-1.redhat_00001.1.el9sso , < *
(rpm)
cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 |
|
| Red Hat | RHEL-8 based Middleware Containers |
Unaffected:
7.6-49 , < *
(rpm)
cpe:/a:redhat:rhosemc:1.0::el8 |
Date Public
2024-06-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:13:25.347543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:04.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:3566",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3566"
},
{
"name": "RHSA-2024:3567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3567"
},
{
"name": "RHSA-2024:3568",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3568"
},
{
"name": "RHSA-2024:3570",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3570"
},
{
"name": "RHSA-2024:3572",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3572"
},
{
"name": "RHSA-2024:3573",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3573"
},
{
"name": "RHSA-2024:3574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3574"
},
{
"name": "RHSA-2024:3575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3575"
},
{
"name": "RHSA-2024:3576",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3576"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4540"
},
{
"name": "RHBZ#2279303",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keycloak/keycloak",
"packageName": "keycloak",
"repo": "https://github.com/keycloak/keycloak",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "d5e82356f90893ca3b308a7e10020103e402369a",
"versionType": "git"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 22",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "22.0.11-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 22",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "22-15",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:22::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 22",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "22-18",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:24::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 24",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "24.0.5-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:24::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 24",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "24-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:24::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 24",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "24-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
],
"defaultStatus": "affected",
"packageName": "rh-sso7-keycloak",
"product": "Red Hat Single Sign-On 7.6 for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:18.0.14-1.redhat_00001.1.el7sso",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
],
"defaultStatus": "affected",
"packageName": "rh-sso7-keycloak",
"product": "Red Hat Single Sign-On 7.6 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:18.0.14-1.redhat_00001.1.el8sso",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
],
"defaultStatus": "affected",
"packageName": "rh-sso7-keycloak",
"product": "Red Hat Single Sign-On 7.6 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:18.0.14-1.redhat_00001.1.el9sso",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rh-sso-7/sso76-openshift-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.6-49",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Manuel Schallar for reporting this issue."
}
],
"datePublic": "2024-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server\u0027s HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T23:13:49.571Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:3566",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3566"
},
{
"name": "RHSA-2024:3567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3567"
},
{
"name": "RHSA-2024:3568",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3568"
},
{
"name": "RHSA-2024:3570",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3570"
},
{
"name": "RHSA-2024:3572",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3572"
},
{
"name": "RHSA-2024:3573",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3573"
},
{
"name": "RHSA-2024:3574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3574"
},
{
"name": "RHSA-2024:3575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3575"
},
{
"name": "RHSA-2024:3576",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3576"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4540"
},
{
"name": "RHBZ#2279303",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279303"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-06T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-06-03T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-4540",
"datePublished": "2024-06-03T15:33:18.191Z",
"dateReserved": "2024-05-06T11:02:39.841Z",
"dateUpdated": "2026-03-26T23:13:49.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45718 (GCVE-0-2024-45718)
Vulnerability from cvelistv5 – Published: 2025-02-11 07:19 – Updated: 2025-02-11 15:12
VLAI
Title
Sensitive data disclosure vulnerability
Summary
Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing the sensitive data.
Severity
4.6 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Kiwi Syslog NG |
Affected:
Kiwi 1.3 and previous versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:12:11.743634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:12:15.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Kiwi Syslog NG",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "Kiwi 1.3 and previous versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing the sensitive data."
}
],
"value": "Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing the sensitive data."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T07:19:21.975Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45718"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kssng_1-3-1_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SolarWinds recommends customers upgrade to SolarWinds Kiwi Syslog NG 1.3.1 as soon as it becomes available. \u003cp\u003e \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends customers upgrade to SolarWinds Kiwi Syslog NG 1.3.1 as soon as it becomes available."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive data disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2024-45718",
"datePublished": "2025-02-11T07:19:21.975Z",
"dateReserved": "2024-09-05T08:28:03.888Z",
"dateUpdated": "2025-02-11T15:12:15.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45744 (GCVE-0-2024-45744)
Vulnerability from cvelistv5 – Published: 2024-09-27 15:56 – Updated: 2025-10-02 14:09
VLAI
Title
TopQuadrant TopBraid EDG password manager stores external credentials insecurely
Summary
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
Severity
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TopQuadrant | TopBraid EDG |
Affected:
7.1.3
|
Date Public
2024-09-27 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T17:44:24.546908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T17:44:33.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TopBraid EDG",
"vendor": "TopQuadrant",
"versions": [
{
"status": "affected",
"version": "7.1.3"
}
]
}
],
"datePublic": "2024-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745.\u00a0At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T14:09:27.993Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2024/va-24-254-02.json"
},
{
"name": "url",
"url": "https://www.topquadrant.com/doc/latest/reference/PasswordManagementAdminPage.html"
},
{
"name": "url",
"url": "https://www.topquadrant.com/doc/latest/administrator_guide/edg_installation_and_authentication/hashicorp_integration.html"
},
{
"name": "url",
"url": "https://www.topquadrant.com/release-note/7-3/"
},
{
"name": "url",
"url": "https://www.topquadrant.com/wp-content/uploads/2025/02/changes-8.3.0.txt"
}
],
"title": "TopQuadrant TopBraid EDG password manager stores external credentials insecurely"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-45744",
"datePublished": "2024-09-27T15:56:11.980Z",
"dateReserved": "2024-09-05T23:12:56.519Z",
"dateUpdated": "2025-10-02T14:09:27.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45862 (GCVE-0-2024-45862)
Vulnerability from cvelistv5 – Published: 2024-09-19 15:54 – Updated: 2024-09-20 13:03
VLAI
Title
Cleartext Storage of Sensitive Information in Kastle Systems Access Control System
Summary
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kastle Systems | Access Control System |
Affected:
0 , < May 01, 2024
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kastlesystems:access_control_system_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "access_control_system_firmware",
"vendor": "kastlesystems",
"versions": [
{
"lessThan": "may.01.2024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T13:00:33.448214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T13:03:08.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Control System",
"vendor": "Kastle Systems",
"versions": [
{
"lessThan": "May 01, 2024",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "evildaemond (Adam Foster) reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:54:32.596Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext Storage of Sensitive Information in Kastle Systems Access Control System",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-45862",
"datePublished": "2024-09-19T15:54:32.596Z",
"dateReserved": "2024-09-10T16:56:59.253Z",
"dateUpdated": "2024-09-20T13:03:08.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47056 (GCVE-0-2024-47056)
Vulnerability from cvelistv5 – Published: 2025-05-28 16:24 – Updated: 2025-05-28 23:47
VLAI
Title
Mautic does not shield .env files from web traffic
Summary
SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.
Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.
MitigationUpdate Mautic to the latest Mautic version.
By default, Mautic does not use .env files for production data.
For Apache users: Ensure your web server is configured to respect .htaccess files.
For Nginx users: As Nginx does not inherently support .htaccess files, you must manually add a configuration block to your Nginx server configuration to deny access to .env files. Add the following to your Nginx configuration for the Mautic site:
location ~ /\.env {
deny all;
}
After modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect.
Severity
5.1 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T23:45:38.445428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T23:47:09.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 6.0.2, \u003c 5.2.6, \u003c4.4.16",
"status": "affected",
"version": "\u003e 4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "r3ky"
},
{
"lang": "en",
"type": "reporter",
"value": "r3ky"
},
{
"lang": "en",
"type": "analyst",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nick Vanpraet"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses a security vulnerability in Mautic where sensitive \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.\u003c/p\u003e\u003cp\u003eSensitive Information Disclosure via \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;File Exposure: The \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003eUpdate Mautic to the latest Mautic version.\u003c/p\u003e\u003cp\u003e\u003cb\u003eBy default, Mautic does not use \u003c/b\u003e\u003ccode\u003e\u003cb\u003e.env\u003c/b\u003e\u003c/code\u003e\u003cb\u003e\u0026nbsp;files for production data.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor Apache users:\u003c/strong\u003e\u0026nbsp;Ensure your web server is configured to respect \u003ccode\u003e.htaccess\u003c/code\u003e\u0026nbsp;files.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor Nginx users:\u003c/strong\u003e\u0026nbsp;As Nginx does not inherently support \u003ccode\u003e.htaccess\u003c/code\u003e\u0026nbsp;files, you must manually add a configuration block to your Nginx server configuration to deny access to \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;files. Add the following to your Nginx configuration for the Mautic site:\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003elocation ~ /\\.env {\n deny all;\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eAfter modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env\u00a0configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.\n\nSensitive Information Disclosure via .env\u00a0File Exposure: The .env\u00a0file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.\n\nMitigationUpdate Mautic to the latest Mautic version.\n\nBy default, Mautic does not use .env\u00a0files for production data.\n\nFor Apache users:\u00a0Ensure your web server is configured to respect .htaccess\u00a0files.\n\nFor Nginx users:\u00a0As Nginx does not inherently support .htaccess\u00a0files, you must manually add a configuration block to your Nginx server configuration to deny access to .env\u00a0files. Add the following to your Nginx configuration for the Mautic site:\n\nlocation ~ /\\.env {\n deny all;\n}\n\n\n\n\n\nAfter modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:24:57.162Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh"
}
],
"source": {
"advisory": "GHSA-h2wg-v8wg-jhxh",
"discovery": "EXTERNAL"
},
"title": "Mautic does not shield .env files from web traffic",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47056",
"datePublished": "2025-05-28T16:24:57.162Z",
"dateReserved": "2024-09-17T13:41:00.584Z",
"dateUpdated": "2025-05-28T23:47:09.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47529 (GCVE-0-2024-47529)
Vulnerability from cvelistv5 – Published: 2024-10-02 19:17 – Updated: 2024-10-31 13:52
VLAI
Title
OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)
Summary
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OpenC3/cosmos/security/advisor… | x_refsource_CONFIRM |
| https://github.com/OpenC3/cosmos/commit/b5ab34fe7… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:52:44.205977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:53:00.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cosmos",
"vendor": "OpenC3",
"versions": [
{
"status": "affected",
"version": "\u003c 5.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:52:49.907Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm"
},
{
"name": "https://github.com/OpenC3/cosmos/commit/b5ab34fe7fa54c0c8171c4aa3caf4e03d6f63bd7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenC3/cosmos/commit/b5ab34fe7fa54c0c8171c4aa3caf4e03d6f63bd7"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS"
}
],
"source": {
"advisory": "GHSA-4xqv-47rm-37mm",
"discovery": "UNKNOWN"
},
"title": "OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47529",
"datePublished": "2024-10-02T19:17:21.668Z",
"dateReserved": "2024-09-25T21:46:10.929Z",
"dateUpdated": "2024-10-31T13:52:49.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4840 (GCVE-0-2024-4840)
Vulnerability from cvelistv5 – Published: 2024-05-13 22:16 – Updated: 2025-11-20 19:15
VLAI
Title
Rhosp-director: cleartext passwords exposed in logs
Summary
An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.
Severity
5.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:9978 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-4840 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2280249 | issue-trackingx_refsource_REDHAT |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Unaffected:
14.3.1-17.1.20240528170747.e7c7ce3.el9ost
(rpm)
|
|||
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 9 |
Unaffected:
0:14.3.1-17.1.20240919130756.el9ost , < *
(rpm)
cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
Date Public
2024-05-06 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:32:24.426737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:59:59.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:09.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4840"
},
{
"name": "RHBZ#2280249",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/openstack-archive/tripleo-heat-templates",
"packageName": "openstack-tripleo-heat-templates",
"versions": [
{
"status": "unaffected",
"version": "14.3.1-17.1.20240528170747.e7c7ce3.el9ost",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"packageName": "openstack-tripleo-heat-templates",
"product": "Red Hat OpenStack Platform 17.1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:14.3.1-17.1.20240919130756.el9ost",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"packageName": "rhosp-director",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
}
],
"datePublic": "2024-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T19:15:50.057Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:9978",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:9978"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4840"
},
{
"name": "RHBZ#2280249",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280249"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-10T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-05-06T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Rhosp-director: cleartext passwords exposed in logs",
"x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-4840",
"datePublished": "2024-05-13T22:16:39.899Z",
"dateReserved": "2024-05-13T16:34:02.118Z",
"dateUpdated": "2025-11-20T19:15:50.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50570 (GCVE-0-2024-50570)
Vulnerability from cvelistv5 – Published: 2024-12-18 12:44 – Updated: 2025-08-27 21:29
VLAI
Summary
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
Severity
CWE
- CWE-312 - Information disclosure
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientMac |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) |
|
| Fortinet | FortiClientLinux |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.0.0 , ≤ 7.0.13 (semver) |
|
| Fortinet | FortiClientWindows |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.5 (semver) Affected: 7.0.0 , ≤ 7.0.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T14:30:59.618705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:29:14.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientLinux",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.5",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript\u0027s garbage collector"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T12:44:38.644Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-278"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientLinux version 7.4.3 or above \nPlease upgrade to FortiClientLinux version 7.2.8 or above \nPlease upgrade to FortiClientLinux version 7.0.14 or above \nPlease upgrade to FortiClientWindows version 7.4.2 or above \nPlease upgrade to FortiClientWindows version 7.2.7 or above \nPlease upgrade to FortiClientWindows version 7.0.14 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-50570",
"datePublished": "2024-12-18T12:44:38.644Z",
"dateReserved": "2024-10-24T11:52:14.402Z",
"dateUpdated": "2025-08-27T21:29:14.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.