CWE-922
Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
CVE-2021-22914 (GCVE-0-2021-22914)
Vulnerability from cvelistv5 – Published: 2021-06-16 13:08 – Updated: 2024-08-03 18:58
VLAI
Summary
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
Severity
No CVSS data available.
CWE
- CWE-922 - Insecure Storage of Sensitive Information (CWE-922)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.citrix.com/article/CTX316690 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Citrix Cloud Connector |
Affected:
Fixed in 6.31.0.62192
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX316690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix Cloud Connector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 6.31.0.62192"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure Storage of Sensitive Information (CWE-922)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T13:08:10.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX316690"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix Cloud Connector",
"version": {
"version_data": [
{
"version_value": "Fixed in 6.31.0.62192"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information (CWE-922)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX316690",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX316690"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22914",
"datePublished": "2021-06-16T13:08:10.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:58:25.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25402 (GCVE-0-2021-25402)
Vulnerability from cvelistv5 – Published: 2021-06-11 14:45 – Updated: 2024-08-03 20:03
VLAI
Summary
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
Severity
No CVSS data available.
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Notes |
Affected:
unspecified , < 4.2.04.27
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Notes",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.2.04.27",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information."
}
],
"metrics": [
{
"other": {
"content": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T14:45:23.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.2.04.27"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25402",
"datePublished": "2021-06-11T14:45:23.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25404 (GCVE-0-2021-25404)
Vulnerability from cvelistv5 – Published: 2021-06-11 14:45 – Updated: 2024-08-03 20:03
VLAI
Summary
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
Severity
No CVSS data available.
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | SmartThings |
Affected:
unspecified , < 1.7.64.21
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartThings",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "1.7.64.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log."
}
],
"metrics": [
{
"other": {
"content": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T14:45:23.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartThings",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.7.64.21"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25404",
"datePublished": "2021-06-11T14:45:23.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25406 (GCVE-0-2021-25406)
Vulnerability from cvelistv5 – Published: 2021-06-11 14:45 – Updated: 2024-08-03 20:03
VLAI
Summary
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
Severity
No CVSS data available.
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Gear S Plugin |
Affected:
unspecified , < 2.2.05.21033151
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gear S Plugin",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "2.2.05.21033151",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information."
}
],
"metrics": [
{
"other": {
"content": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T14:45:23.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gear S Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.2.05.21033151"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25406",
"datePublished": "2021-06-11T14:45:23.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:03:05.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25523 (GCVE-0-2021-25523)
Vulnerability from cvelistv5 – Published: 2021-12-08 14:20 – Updated: 2024-08-03 20:11
VLAI
Summary
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
Severity
4 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | SamsungDialer |
Affected:
- , < 12.7.05.24 in Android R(11.0)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SamsungDialer",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "12.7.05.24 in Android R(11.0)",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T14:20:32.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SamsungDialer",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "12.7.05.24 in Android R(11.0)"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25523",
"datePublished": "2021-12-08T14:20:32.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25524 (GCVE-0-2021-25524)
Vulnerability from cvelistv5 – Published: 2021-12-08 14:20 – Updated: 2024-08-03 20:11
VLAI
Summary
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
Severity
4 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Contacts |
Affected:
- , < 12.7.05.24 in Android R(11.0)
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contacts",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "12.7.05.24 in Android R(11.0)",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922: Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T14:20:42.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contacts",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "-",
"version_value": "12.7.05.24 in Android R(11.0)"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922: Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=12"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25524",
"datePublished": "2021-12-08T14:20:42.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28815 (GCVE-0-2021-28815)
Vulnerability from cvelistv5 – Published: 2021-06-16 04:00 – Updated: 2024-09-17 01:16
VLAI
Title
Insecure Storage of Sensitive Information in myQNAPcloud Link
Summary
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.
Severity
6 (Medium)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-21-26 | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | myQNAPcloud Link |
Affected:
unspecified , < 2.2.21
(custom)
|
|
| QNAP Systems Inc. | myQNAPcloud Link |
Affected:
unspecified , < 2.2.21
(custom)
|
|
| QNAP Systems Inc. | myQNAPcloud Link |
Affected:
unspecified , < 2.2.21
(custom)
|
Date Public
2021-06-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 4.5.3"
],
"product": "myQNAPcloud Link",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.2.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTS hero h4.5.2"
],
"product": "myQNAPcloud Link",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.2.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QuTScloud c4.5.4"
],
"product": "myQNAPcloud Link",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.2.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "CJ Fairhead"
}
],
"datePublic": "2021-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T04:00:11.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
}
],
"source": {
"advisory": "QSA-21-26",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in myQNAPcloud Link",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-16T00:32:00.000Z",
"ID": "CVE-2021-28815",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in myQNAPcloud Link"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myQNAPcloud Link",
"version": {
"version_data": [
{
"platform": "QTS 4.5.3",
"version_affected": "\u003c",
"version_value": "2.2.21"
},
{
"platform": "QuTS hero h4.5.2",
"version_affected": "\u003c",
"version_value": "2.2.21"
},
{
"platform": "QuTScloud c4.5.4",
"version_affected": "\u003c",
"version_value": "2.2.21"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "CJ Fairhead"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-26"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed this vulnerability in the following versions of myQNAPcloud Link:\n\nQTS 4.5.3: myQNAPcloud Link 2.2.21 and later\nQuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later\nQuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later"
}
],
"source": {
"advisory": "QSA-21-26",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2021-28815",
"datePublished": "2021-06-16T04:00:11.639Z",
"dateReserved": "2021-03-18T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:56.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0724 (GCVE-0-2022-0724)
Vulnerability from cvelistv5 – Published: 2022-02-23 10:45 – Updated: 2024-08-02 23:40
VLAI
Title
Insecure Storage of Sensitive Information in microweber/microweber
Summary
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.
Severity
9.1 (Critical)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/0cdc4a29-dada-4264-b32… | x_refsource_CONFIRM |
| https://github.com/microweber/microweber/commit/b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| microweber | microweber/microweber |
Affected:
unspecified , < 1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "microweber/microweber",
"vendor": "microweber",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-23T10:45:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
}
],
"source": {
"advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in microweber/microweber",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0724",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062"
},
{
"name": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3"
}
]
},
"source": {
"advisory": "0cdc4a29-dada-4264-b326-8b65b4f11062",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0724",
"datePublished": "2022-02-23T10:45:11.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0881 (GCVE-0-2022-0881)
Vulnerability from cvelistv5 – Published: 2022-03-09 08:35 – Updated: 2024-08-02 23:40
VLAI
Title
Insecure Storage of Sensitive Information in chocobozzz/peertube
Summary
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
Severity
7.6 (High)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2628431e-6a98-4063-a0e… | x_refsource_CONFIRM |
| https://github.com/chocobozzz/peertube/commit/0c0… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| chocobozzz | chocobozzz/peertube |
Affected:
unspecified , < 4.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "chocobozzz/peertube",
"vendor": "chocobozzz",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T08:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
}
],
"source": {
"advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in chocobozzz/peertube",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0881",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in chocobozzz/peertube"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "chocobozzz/peertube",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.1.1"
}
]
}
}
]
},
"vendor_name": "chocobozzz"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
},
{
"name": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8",
"refsource": "MISC",
"url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
}
]
},
"source": {
"advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0881",
"datePublished": "2022-03-09T08:35:10.000Z",
"dateReserved": "2022-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1021 (GCVE-0-2022-1021)
Vulnerability from cvelistv5 – Published: 2022-08-19 12:40 – Updated: 2024-08-02 23:47
VLAI
Title
Insecure Storage of Sensitive Information in chatwoot/chatwoot
Summary
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.
Severity
7.6 (High)
CWE
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a8187478-75e1-4d62-b89… | x_refsource_CONFIRM |
| https://github.com/chatwoot/chatwoot/commit/24b20… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| chatwoot | chatwoot/chatwoot |
Affected:
unspecified , < 2.6.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "chatwoot/chatwoot",
"vendor": "chatwoot",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-19T12:40:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889"
}
],
"source": {
"advisory": "a8187478-75e1-4d62-b894-651269401ca3",
"discovery": "EXTERNAL"
},
"title": "Insecure Storage of Sensitive Information in chatwoot/chatwoot",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1021",
"STATE": "PUBLIC",
"TITLE": "Insecure Storage of Sensitive Information in chatwoot/chatwoot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "chatwoot/chatwoot",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.6.0"
}
]
}
}
]
},
"vendor_name": "chatwoot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a8187478-75e1-4d62-b894-651269401ca3"
},
{
"name": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889",
"refsource": "MISC",
"url": "https://github.com/chatwoot/chatwoot/commit/24b20c10cebd25e61de8d4266c63fde94772e889"
}
]
},
"source": {
"advisory": "a8187478-75e1-4d62-b894-651269401ca3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1021",
"datePublished": "2022-08-19T12:40:10.000Z",
"dateReserved": "2022-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:47:43.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.