CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-9GRJ-J43M-MJQR
Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-12-05 23:37In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.
Login attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.334"
},
{
"fixed": "2.356"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.332.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-34174"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-05T23:37:15Z",
"nvd_published_at": "2022-06-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This allows attackers to determine the validity of attacker-specified usernames.\n\nLogin attempts with an invalid username now validate a synthetic password to eliminate the timing discrepancy in Jenkins 2.356, LTS 2.332.4.",
"id": "GHSA-9grj-j43m-mjqr",
"modified": "2022-12-05T23:37:15Z",
"published": "2022-06-24T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34174"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/957ef5902f2e40b6358e6d10f12b26f9dbd2f75a"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/jenkins"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Observable timing discrepancy allows determining username validity in Jenkins"
}
GHSA-9GWC-9RCR-PXMC
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2024-03-21 03:33Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely.
{
"affected": [],
"aliases": [
"CVE-2020-25200"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-01T18:15:00Z",
"severity": "MODERATE"
},
"details": "Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely.",
"id": "GHSA-9gwc-9rcr-pxmc",
"modified": "2024-03-21T03:33:55Z",
"published": "2022-05-24T17:29:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25200"
},
{
"type": "WEB",
"url": "https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200"
},
{
"type": "WEB",
"url": "https://pritunl.com"
},
{
"type": "WEB",
"url": "https://pritunl.com/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9HCM-HR65-2825
Vulnerability from github – Published: 2024-10-29 15:32 – Updated: 2024-10-29 15:32mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2024-7010"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T13:15:08Z",
"severity": "HIGH"
},
"details": "mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server\u0027s response time, potentially leading to unauthorized access.",
"id": "GHSA-9hcm-hr65-2825",
"modified": "2024-10-29T15:32:05Z",
"published": "2024-10-29T15:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7010"
},
{
"type": "WEB",
"url": "https://github.com/mudler/localai/commit/db1159b6511e8fa09e594f9db0fec6ab4e142468"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e286ed00-6383-47de-b5bc-9b9fad67c362"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9HX9-Q6RP-5GWC
Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-09-07 00:31Matrix Tafnit v8
CWE-204: Observable Response Discrepancy
{
"affected": [],
"aliases": [
"CVE-2024-38431"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T09:15:03Z",
"severity": "MODERATE"
},
"details": "Matrix\u00a0Tafnit v8\n\n - \n\nCWE-204: Observable Response Discrepancy",
"id": "GHSA-9hx9-q6rp-5gwc",
"modified": "2024-09-07T00:31:28Z",
"published": "2024-07-30T09:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38431"
},
{
"type": "WEB",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9J4Q-JQ6X-2VV2
Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2021-12-21 00:01In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740
{
"affected": [],
"aliases": [
"CVE-2021-1014"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740",
"id": "GHSA-9j4q-jq6x-2vv2",
"modified": "2021-12-21T00:01:13Z",
"published": "2021-12-16T00:00:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1014"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9J52-Q8C5-8MPR
Vulnerability from github – Published: 2025-08-09 21:30 – Updated: 2025-08-09 21:30A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-8774"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-09T21:15:25Z",
"severity": "LOW"
},
"details": "A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9j52-q8c5-8mpr",
"modified": "2025-08-09T21:30:23Z",
"published": "2025-08-09T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8774"
},
{
"type": "WEB",
"url": "https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319297"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319297"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.625550"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9J8P-G942-2M9H
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2021-0086"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T20:15:00Z",
"severity": "MODERATE"
},
"details": "Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-9j8p-g942-2m9h",
"modified": "2022-05-24T19:04:24Z",
"published": "2022-05-24T19:04:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0086"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/08/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9MPJ-44VG-WF94
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.7.1.
{
"affected": [],
"aliases": [
"CVE-2020-28208"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-08T18:15:00Z",
"severity": "MODERATE"
},
"details": "An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.7.1.",
"id": "GHSA-9mpj-44vg-wf94",
"modified": "2022-05-24T17:38:20Z",
"published": "2022-05-24T17:38:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28208"
},
{
"type": "WEB",
"url": "https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt"
},
{
"type": "WEB",
"url": "https://trovent.io/security-advisory-2010-01"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/160845/Rocket.Chat-3.7.1-Email-Address-Enumeration.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Jan/32"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Jan/43"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/07/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/08/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9P7X-8C57-4PQV
Vulnerability from github – Published: 2025-09-09 21:30 – Updated: 2025-09-11 13:30Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.portal.vulcan.impl"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.7"
},
{
"fixed": "5.0.127"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.headless.admin.workflow.impl"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.4"
},
{
"fixed": "5.0.83"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.portal.workflow.api"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.1"
},
{
"fixed": "11.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43786"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-11T13:30:32Z",
"nvd_published_at": "2025-09-09T20:15:40Z",
"severity": "MODERATE"
},
"details": "Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit the time response.",
"id": "GHSA-9p7x-8c57-4pqv",
"modified": "2025-09-11T13:30:32Z",
"published": "2025-09-09T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43786"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/8f9728086bd61661437b0aa8493c83510914a474"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/e34499eab2ce1d544835835afe6733a78b4ab532"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/e4a140d6d92e92911f08fe33051b677742531f19"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.atlassian.net/browse/LPE-18106"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43786"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal exposes ERC which can lead to exploit the time response attack"
}
GHSA-9Q7X-6RCG-JFJW
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-07 03:30In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21336"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:49Z",
"severity": "MODERATE"
},
"details": "In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-9q7x-6rcg-jfjw",
"modified": "2023-11-07T03:30:25Z",
"published": "2023-10-30T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21336"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.