CWE-1295
AllowedDebug Messages Revealing Unnecessary Information
Abstraction: Base · Status: Incomplete
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.
41 vulnerabilities reference this CWE, most recent first.
GHSA-F65R-H4G3-3H9H
Vulnerability from github – Published: 2026-06-26 20:34 – Updated: 2026-06-26 20:34Summary
In backpropagate >= 1.1.0, the optional Reflex web UI (pip install backpropagate[ui], launched via backprop ui) exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.
The CLI accepts two operator-facing flags intended as security controls:
--auth user:pass— documented as "require HTTP Basic authentication on every request to the UI."--share— documented as "expose the UI on a public address; requires--auth."
When --auth user:pass is passed, the CLI prints Auth: enabled (user: <username>) to confirm to the operator that authentication is active, then exports BACKPROPAGATE_UI_AUTH=user:pass to the subprocess that launches the Reflex backend.
The Reflex backend (backpropagate/ui_app/**) never reads BACKPROPAGATE_UI_AUTH. No authentication middleware is registered. No request-level guard runs. No WebSocket upgrade guard runs. Any client that reaches the bound port — local or remote, depending on whether --share is used — has full UI access.
An inline comment at backpropagate/cli.py:1217-1218 in the v1.1.0 source documents the gap: "For Phase 1 the variable is exported but Reflex doesn't read it yet." This comment was internal-facing; the user-facing documentation (README, CHANGELOG, SHIP_GATE) advertised the contract as enforced.
This advisory is filed primarily because the runtime contradicted an operator-facing security claim. Code-only bugs of comparable shape (auth check missing entirely from a path) would already warrant disclosure; the additional false-promise dimension raises the severity.
Impact
An attacker who reaches the bound port can:
- Read uploaded datasets rendered in the UI preview, including content of any JSONL/CSV/TXT file the legitimate operator has uploaded for fine-tuning.
- Trigger arbitrary training runs against any base model the operator has installed locally or that can be downloaded from HuggingFace.
- Trigger HuggingFace Hub pushes to repositories named via the UI input (subject to the operator's local HF token's scope — typically all repos owned by the operator).
- Cause disk-fill DoS via the
rx.uploadendpoint (no size cap, no extension filter, no per-session count cap in v1.1.0 / v1.1.1). - Read model paths (
source_model_path,dataset_path,model,uploaded_path) which are user-supplied and bypass thesafe_path()helper that lives inbackpropagate/ui_security.py(path validation is dead code on the Reflex surface in v1.1.0 / v1.1.1).
The combination of unauthenticated training control, HF push target spoofing, and path-input traversal makes the affected endpoint suitable for both data exfiltration (reading uploaded training data) and supply-chain attacks (pushing tampered model weights to the operator's HF account).
The local-only default (no --share) reduces exposure to a host-local attacker. The --share flag is documented as a "public URL" feature; operators who used --share --auth user:pass had no warning that the auth half was inert.
Patches
Fixed in v1.2.0 (released 2026-05-23). The patch implements real ASGI middleware via rx.App(api_transformer=basic_auth_transformer) that gates HTTP routes AND the /_event WebSocket upgrade. Four modes (no_auth_local_only / token_auto / explicit_creds / production), HMAC-signed cookie validated PRE-websocket.accept(), Host + Origin allowlists. The middleware ships alongside a 4-layer defense in depth at the cli.py / ui_app/app.py / rxconfig.py / env-strip surfaces so direct python -m reflex run invocations (bypassing the CLI guard) also enforce authentication.
Upgrade with:
- pip:
pip install --upgrade backpropagate - npm:
npm install -g @mcptoolshop/backpropagate@latest
Full release notes: https://github.com/mcp-tool-shop-org/backpropagate/blob/main/CHANGELOG.md#120---2026-05-23
Workarounds
If users cannot upgrade immediately:
- Do not pass
--author--sharetobackprop ui. Run the UI with no flags (backprop ui); it will bind tolocalhostand accept any client that can reach127.0.0.1. - For remote access, use SSH port-forwarding instead of
--share:# On the client: ssh -L 7860:localhost:7860 <training-host> # On the server: backprop ui # no --share # Then open http://localhost:7860 in your local browser.SSH provides the authentication layer the Reflex UI did not. - Audit existing deployments. If any host running
backpropagate >= 1.1.0has previously been launched with--share, treat any uploaded training data, model paths, or HF push targets visible in that UI session as potentially exposed. Re-issue HF tokens that have been in use during such sessions.
Binary distribution gap. Standalone binaries (Windows .exe / macOS .app via PyInstaller) failed to build for v1.2.0 and will land in a follow-up patch release. In the interim, users who relied on the v1.1.x binary distribution should install the patched version via pip install backpropagate==1.2.0 to receive the auth-bypass fix. The v1.2.0 PyPI package and @mcptoolshop/backpropagate@1.2.0 npm package both carry the patched code.
Credit
Discovered by the dogfood-swarm Stage A audit on 2026-05-22 (finding ID FRONTEND-A-001, classified CRITICAL). The audit also surfaced contradicting documentation in CHANGELOG / SHIP_GATE / README; those were corrected in v1.2.0 alongside the runtime fix.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "backpropagate"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@mcptoolshop/backpropagate"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48797"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-358",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T20:34:29Z",
"nvd_published_at": "2026-06-17T13:20:43Z",
"severity": "CRITICAL"
},
"details": "## Summary\n\nIn `backpropagate \u003e= 1.1.0`, the optional Reflex web UI (`pip install backpropagate[ui]`, launched via `backprop ui`) exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push.\n\nThe CLI accepts two operator-facing flags intended as security controls:\n\n- `--auth user:pass` \u2014 documented as \"require HTTP Basic authentication on every request to the UI.\"\n- `--share` \u2014 documented as \"expose the UI on a public address; requires `--auth`.\"\n\nWhen `--auth user:pass` is passed, the CLI prints `Auth: enabled (user: \u003cusername\u003e)` to confirm to the operator that authentication is active, then exports `BACKPROPAGATE_UI_AUTH=user:pass` to the subprocess that launches the Reflex backend.\n\n**The Reflex backend (`backpropagate/ui_app/**`) never reads `BACKPROPAGATE_UI_AUTH`.** No authentication middleware is registered. No request-level guard runs. No WebSocket upgrade guard runs. Any client that reaches the bound port \u2014 local or remote, depending on whether `--share` is used \u2014 has full UI access.\n\nAn inline comment at `backpropagate/cli.py:1217-1218` in the v1.1.0 source documents the gap: *\"For Phase 1 the variable is exported but Reflex doesn\u0027t read it yet.\"* This comment was internal-facing; the user-facing documentation (README, CHANGELOG, SHIP_GATE) advertised the contract as enforced.\n\nThis advisory is filed primarily because the runtime contradicted an operator-facing security claim. Code-only bugs of comparable shape (auth check missing entirely from a path) would already warrant disclosure; the additional false-promise dimension raises the severity.\n\n## Impact\n\nAn attacker who reaches the bound port can:\n\n- **Read uploaded datasets** rendered in the UI preview, including content of any JSONL/CSV/TXT file the legitimate operator has uploaded for fine-tuning.\n- **Trigger arbitrary training runs** against any base model the operator has installed locally or that can be downloaded from HuggingFace.\n- **Trigger HuggingFace Hub pushes** to repositories named via the UI input (subject to the operator\u0027s local HF token\u0027s scope \u2014 typically all repos owned by the operator).\n- **Cause disk-fill DoS** via the `rx.upload` endpoint (no size cap, no extension filter, no per-session count cap in v1.1.0 / v1.1.1).\n- **Read model paths** (`source_model_path`, `dataset_path`, `model`, `uploaded_path`) which are user-supplied and bypass the `safe_path()` helper that lives in `backpropagate/ui_security.py` (path validation is dead code on the Reflex surface in v1.1.0 / v1.1.1).\n\nThe combination of unauthenticated training control, HF push target spoofing, and path-input traversal makes the affected endpoint suitable for both data exfiltration (reading uploaded training data) and supply-chain attacks (pushing tampered model weights to the operator\u0027s HF account).\n\nThe local-only default (no `--share`) reduces exposure to a host-local attacker. The `--share` flag is documented as a \"public URL\" feature; operators who used `--share --auth user:pass` had no warning that the auth half was inert.\n\n## Patches\n\nFixed in **v1.2.0** (released 2026-05-23). The patch implements real ASGI middleware via `rx.App(api_transformer=basic_auth_transformer)` that gates HTTP routes AND the `/_event` WebSocket upgrade. Four modes (`no_auth_local_only` / `token_auto` / `explicit_creds` / `production`), HMAC-signed cookie validated PRE-`websocket.accept()`, Host + Origin allowlists. The middleware ships alongside a 4-layer defense in depth at the cli.py / ui_app/app.py / rxconfig.py / env-strip surfaces so direct `python -m reflex run` invocations (bypassing the CLI guard) also enforce authentication.\n\nUpgrade with:\n\n- pip: `pip install --upgrade backpropagate`\n- npm: `npm install -g @mcptoolshop/backpropagate@latest`\n\nFull release notes: https://github.com/mcp-tool-shop-org/backpropagate/blob/main/CHANGELOG.md#120---2026-05-23\n\n## Workarounds\n\nIf users cannot upgrade immediately:\n\n1. **Do not pass `--auth` or `--share` to `backprop ui`.** Run the UI with no flags (`backprop ui`); it will bind to `localhost` and accept any client that can reach `127.0.0.1`.\n2. **For remote access, use SSH port-forwarding** instead of `--share`:\n ```\n # On the client:\n ssh -L 7860:localhost:7860 \u003ctraining-host\u003e\n # On the server:\n backprop ui # no --share\n # Then open http://localhost:7860 in your local browser.\n ```\n SSH provides the authentication layer the Reflex UI did not.\n3. **Audit existing deployments.** If any host running `backpropagate \u003e= 1.1.0` has previously been launched with `--share`, treat any uploaded training data, model paths, or HF push targets visible in that UI session as potentially exposed. Re-issue HF tokens that have been in use during such sessions.\n\n**Binary distribution gap.** Standalone binaries (Windows .exe / macOS .app via PyInstaller) failed to build for v1.2.0 and will land in a follow-up patch release. In the interim, users who relied on the v1.1.x binary distribution should install the patched version via `pip install backpropagate==1.2.0` to receive the auth-bypass fix. The v1.2.0 PyPI package and `@mcptoolshop/backpropagate@1.2.0` npm package both carry the patched code.\n\n## Credit\n\nDiscovered by the dogfood-swarm Stage A audit on 2026-05-22 (finding ID `FRONTEND-A-001`, classified CRITICAL). The audit also surfaced contradicting documentation in CHANGELOG / SHIP_GATE / README; those were corrected in v1.2.0 alongside the runtime fix.",
"id": "GHSA-f65r-h4g3-3h9h",
"modified": "2026-06-26T20:34:29Z",
"published": "2026-06-26T20:34:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mcp-tool-shop-org/backpropagate/security/advisories/GHSA-f65r-h4g3-3h9h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48797"
},
{
"type": "PACKAGE",
"url": "https://github.com/mcp-tool-shop-org/backpropagate"
},
{
"type": "WEB",
"url": "https://github.com/mcp-tool-shop-org/backpropagate/releases/tag/v1.2.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication"
}
GHSA-JX64-R67P-6V8C
Vulnerability from github – Published: 2025-02-14 06:30 – Updated: 2025-08-26 21:31Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.
{
"affected": [],
"aliases": [
"CVE-2025-1053"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-14T04:15:08Z",
"severity": "HIGH"
},
"details": "Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.",
"id": "GHSA-jx64-r67p-6v8c",
"modified": "2025-08-26T21:31:06Z",
"published": "2025-02-14T06:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1053"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M6VW-RHWF-XJXQ
Vulnerability from github – Published: 2023-10-17 00:30 – Updated: 2024-04-04 08:42Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
{
"affected": [],
"aliases": [
"CVE-2023-4215"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-17T00:15:11Z",
"severity": "HIGH"
},
"details": "Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.",
"id": "GHSA-m6vw-rhwf-xjxq",
"modified": "2024-04-04T08:42:11Z",
"published": "2023-10-17T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4215"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PPM5-JV84-2XG2
Vulnerability from github – Published: 2024-06-25 17:26 – Updated: 2024-06-25 22:18Impact
Debug information can reveal sensitive information from environment variables in error log
Affected platform
Laravel environments with multi-vendor setups and admin access for the vendors
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "aimeos/ai-client-html"
},
"ranges": [
{
"events": [
{
"introduced": "2024.04.1"
},
{
"fixed": "2024.04.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "aimeos/ai-client-html"
},
"ranges": [
{
"events": [
{
"introduced": "2023.04.1"
},
{
"fixed": "2023.10.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "aimeos/ai-client-html"
},
"ranges": [
{
"events": [
{
"introduced": "2022.04.1"
},
{
"fixed": "2022.10.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "aimeos/ai-client-html"
},
"ranges": [
{
"events": [
{
"introduced": "2021.10.1"
},
{
"fixed": "2021.10.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-38516"
],
"database_specific": {
"cwe_ids": [
"CWE-1295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-25T17:26:56Z",
"nvd_published_at": "2024-06-25T21:15:59Z",
"severity": "HIGH"
},
"details": "### Impact\nDebug information can reveal sensitive information from environment variables in error log\n\n### Affected platform\nLaravel environments with multi-vendor setups and admin access for the vendors",
"id": "GHSA-ppm5-jv84-2xg2",
"modified": "2024-06-25T22:18:15Z",
"published": "2024-06-25T17:26:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38516"
},
{
"type": "WEB",
"url": "https://github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132"
},
{
"type": "PACKAGE",
"url": "https://github.com/aimeos/ai-client-html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Aimeos HTML client may potentially reveal sensitive information in error log"
}
GHSA-Q76Q-CWC5-25WV
Vulnerability from github – Published: 2024-06-14 06:34 – Updated: 2024-07-04 06:35Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27179"
],
"database_specific": {
"cwe_ids": [
"CWE-1295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T04:15:39Z",
"severity": "MODERATE"
},
"details": "Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-q76q-cwc5-25wv",
"modified": "2024-07-04T06:35:04Z",
"published": "2024-06-14T06:34:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27179"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QRG9-F472-QWFM
Vulnerability from github – Published: 2021-06-28 16:55 – Updated: 2021-06-24 19:46Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.
- https://vaadin.com/security/cve-2021-31412
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.18"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.19"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 14.0.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "14.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 19.0.8"
},
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "15.0.0"
},
{
"fixed": "19.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-31412"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-20",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-24T19:46:19Z",
"nvd_published_at": "2021-06-24T12:15:00Z",
"severity": "MODERATE"
},
"details": "Improper sanitization of path in default `RouteNotFoundError` view in `com.vaadin:flow-server` versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for `NotFoundException` is provided.\n\n- https://vaadin.com/security/cve-2021-31412",
"id": "GHSA-qrg9-f472-qwfm",
"modified": "2021-06-24T19:46:19Z",
"published": "2021-06-28T16:55:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vaadin/platform/security/advisories/GHSA-qrg9-f472-qwfm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31412"
},
{
"type": "WEB",
"url": "https://github.com/vaadin/flow/pull/11107"
},
{
"type": "WEB",
"url": "https://vaadin.com/security/cve-2021-31412"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19"
}
GHSA-QV29-2G6C-W6PF
Vulnerability from github – Published: 2025-11-08 00:31 – Updated: 2025-11-10 18:30Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2025-12910"
],
"database_specific": {
"cwe_ids": [
"CWE-1295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-08T00:15:35Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)",
"id": "GHSA-qv29-2g6c-w6pf",
"modified": "2025-11-10T18:30:34Z",
"published": "2025-11-08T00:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12910"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/434977743"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R228-W758-3QFV
Vulnerability from github – Published: 2023-02-10 21:30 – Updated: 2023-02-27 15:30Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information.
{
"affected": [],
"aliases": [
"CVE-2022-34364"
],
"database_specific": {
"cwe_ids": [
"CWE-1295",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-10T20:15:00Z",
"severity": "MODERATE"
},
"details": "Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information.",
"id": "GHSA-r228-w758-3qfv",
"modified": "2023-02-27T15:30:22Z",
"published": "2023-02-10T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34364"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000203275/dsa-2022-188-dell-bsafe-ssl-j-6-5-and-7-1-security-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RV94-849J-V27X
Vulnerability from github – Published: 2025-02-03 06:30 – Updated: 2025-02-03 18:30In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.
{
"affected": [],
"aliases": [
"CVE-2025-20643"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-1295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T04:15:09Z",
"severity": "MODERATE"
},
"details": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.",
"id": "GHSA-rv94-849j-v27x",
"modified": "2025-02-03T18:30:41Z",
"published": "2025-02-03T06:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20643"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WFXF-3935-5JGV
Vulnerability from github – Published: 2025-03-28 15:31 – Updated: 2026-03-20 18:31A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.
{
"affected": [],
"aliases": [
"CVE-2025-2877"
],
"database_specific": {
"cwe_ids": [
"CWE-1295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T14:15:21Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Ansible Automation Platform\u0027s Event-Driven Ansible. In configurations where verbosity is set to \"debug\", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any \"debug\" action in a rulebook and also affects Event Streams.",
"id": "GHSA-wfxf-3935-5jgv",
"modified": "2026-03-20T18:31:14Z",
"published": "2025-03-28T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2877"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible-rulebook/pull/767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3636"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:3637"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-2877"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355540"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response.
CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.