CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-J4V4-83W4-PH37
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-24 17:07An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
{
"affected": [],
"aliases": [
"CVE-2019-16516"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-23T18:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.",
"id": "GHSA-j4v4-83w4-ph37",
"modified": "2022-05-24T17:07:11Z",
"published": "2022-05-24T17:07:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16516"
},
{
"type": "WEB",
"url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34"
},
{
"type": "WEB",
"url": "https://know.bishopfox.com/advisories"
},
{
"type": "WEB",
"url": "https://know.bishopfox.com/advisories/connectwise-control"
},
{
"type": "WEB",
"url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox"
},
{
"type": "WEB",
"url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J4VH-R4C7-FPMX
Vulnerability from github – Published: 2023-04-26 00:30 – Updated: 2024-04-04 03:41Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
{
"affected": [],
"aliases": [
"CVE-2023-26560"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-26T00:15:09Z",
"severity": "MODERATE"
},
"details": "Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.",
"id": "GHSA-j4vh-r4c7-fpmx",
"modified": "2024-04-04T03:41:23Z",
"published": "2023-04-26T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26560"
},
{
"type": "WEB",
"url": "https://cfengine.com/blog/2023/cve-2023-26560"
},
{
"type": "WEB",
"url": "https://northern.tech"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J523-GF5P-F8PM
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2025-04-20 03:48On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
{
"affected": [],
"aliases": [
"CVE-2017-6168"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-17T19:29:00Z",
"severity": "HIGH"
},
"details": "On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server\u0027s private key itself, aka a ROBOT attack.",
"id": "GHSA-j523-gf5p-f8pm",
"modified": "2025-04-20T03:48:47Z",
"published": "2022-05-13T01:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6168"
},
{
"type": "WEB",
"url": "https://robotattack.org"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K21905460"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101901"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039839"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J5PR-VRJJ-9V4H
Vulnerability from github – Published: 2025-07-07 12:30 – Updated: 2025-07-08 18:44The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollms_authentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in commit f78437f. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lollms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-6386"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-08T18:44:08Z",
"nvd_published_at": "2025-07-07T10:15:29Z",
"severity": "HIGH"
},
"details": "The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in commit f78437f. The vulnerability arises from the use of Python\u0027s default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.",
"id": "GHSA-j5pr-vrjj-9v4h",
"modified": "2025-07-08T18:44:08Z",
"published": "2025-07-07T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6386"
},
{
"type": "WEB",
"url": "https://github.com/parisneo/lollms/commit/f78437f7b5aa39a78c6201912faf4e0645a38c48"
},
{
"type": "PACKAGE",
"url": "https://github.com/ParisNeo/lollms"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/6da05485-d219-4f18-9ffc-991053524b67"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function"
}
GHSA-J5V3-363P-G843
Vulnerability from github – Published: 2022-10-20 19:00 – Updated: 2022-10-24 18:51OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.opencrx:opencrx-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-40084"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-24T18:51:43Z",
"nvd_published_at": "2022-10-20T14:15:00Z",
"severity": "MODERATE"
},
"details": "OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.",
"id": "GHSA-j5v3-363p-g843",
"modified": "2022-10-24T18:51:43Z",
"published": "2022-10-20T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40084"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/204.html"
},
{
"type": "WEB",
"url": "https://github.com/ciph0x01/OpenCRX-CVE/blob/main/CVE-2022-40084.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenCRX vulnerable to password enumeration via error messages in password reset"
}
GHSA-J6JW-VV8W-Q769
Vulnerability from github – Published: 2022-05-01 01:53 – Updated: 2022-05-01 01:53The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
{
"affected": [],
"aliases": [
"CVE-2005-0918"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-05-05T04:00:00Z",
"severity": "MODERATE"
},
"details": "The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.",
"id": "GHSA-j6jw-vv8w-q769",
"modified": "2022-05-01T01:53:08Z",
"published": "2022-05-01T01:53:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0918"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/15255"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1013890"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/techdocs/323585.html"
},
{
"type": "WEB",
"url": "http://www.hyperdose.com/advisories/H2005-07.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J757-PF57-F8R4
Vulnerability from github – Published: 2024-10-10 22:03 – Updated: 2025-01-21 17:55Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a timing attack in the way Gradio compares hashes for the analytics_dashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys.
Patches
Yes, please upgrade to gradio>4.44 to mitigate this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To mitigate the risk before applying the patch, developers can manually patch the analytics_dashboard dashboard to use a constant-time comparison function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gradio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.44.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47869"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-10T22:03:29Z",
"nvd_published_at": "2024-10-10T23:15:02Z",
"severity": "MODERATE"
},
"details": "### Impact \n**What kind of vulnerability is it? Who is impacted?**\n\nThis vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys.\n\n### Patches \nYes, please upgrade to `gradio\u003e4.44` to mitigate this issue.\n\n### Workarounds \n**Is there a way for users to fix or remediate the vulnerability without upgrading?**\n\nTo mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.",
"id": "GHSA-j757-pf57-f8r4",
"modified": "2025-01-21T17:55:59Z",
"published": "2024-10-10T22:03:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-j757-pf57-f8r4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47869"
},
{
"type": "PACKAGE",
"url": "https://github.com/gradio-app/gradio"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2024-199.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Gradio performs a non-constant-time comparison when comparing hashes"
}
GHSA-J7QG-8R9M-WXM8
Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2022-08-27 00:00All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.
{
"affected": [],
"aliases": [
"CVE-2022-1989"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-23T10:15:00Z",
"severity": "MODERATE"
},
"details": "All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.",
"id": "GHSA-j7qg-8r9m-wxm8",
"modified": "2022-08-27T00:00:49Z",
"published": "2022-08-24T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1989"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17142\u0026token=a3696ab41fef800d2eaee8043d40d5fbe94277fd\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J97V-8QWG-MHR3
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-02-19 00:01In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334
{
"affected": [],
"aliases": [
"CVE-2021-0524"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180418334",
"id": "GHSA-j97v-8qwg-mhr3",
"modified": "2022-02-19T00:01:52Z",
"published": "2022-02-12T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0524"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/aaos/2022-02-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-J9PM-88V7-RVP8
Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-10-15 21:30Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
{
"affected": [],
"aliases": [
"CVE-2024-21251"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T20:15:15Z",
"severity": "LOW"
},
"details": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).",
"id": "GHSA-j9pm-88v7-rvp8",
"modified": "2024-10-15T21:30:38Z",
"published": "2024-10-15T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21251"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.