CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-MJ59-569C-8FQG
Vulnerability from github – Published: 2025-03-11 03:30 – Updated: 2025-03-11 03:30IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
{
"affected": [],
"aliases": [
"CVE-2024-41760"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T01:15:33Z",
"severity": "LOW"
},
"details": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\ncould allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.",
"id": "GHSA-mj59-569c-8fqg",
"modified": "2025-03-11T03:30:50Z",
"published": "2025-03-11T03:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41760"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MJQV-XHGM-GX8C
Vulnerability from github – Published: 2023-04-21 18:30 – Updated: 2025-02-05 19:43io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/bnb-chain/tss-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6-0.20230324145555-bb6fb30bd3eb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/binance-chain/tss-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6-0.20230324145555-bb6fb30bd3eb"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26557"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-05T19:43:31Z",
"nvd_published_at": "2023-04-21T18:15:07Z",
"severity": "HIGH"
},
"details": "io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)",
"id": "GHSA-mjqv-xhgm-gx8c",
"modified": "2025-02-05T19:43:31Z",
"published": "2023-04-21T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26557"
},
{
"type": "WEB",
"url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0"
},
{
"type": "PACKAGE",
"url": "https://github.com/bnb-chain/tss-lib"
},
{
"type": "WEB",
"url": "https://github.com/bnb-chain/tss-lib/tree/v1.3.5"
},
{
"type": "WEB",
"url": "https://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3"
},
{
"type": "WEB",
"url": "https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2023-1733"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic"
}
GHSA-MM45-6CWC-XR83
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606
{
"affected": [],
"aliases": [
"CVE-2021-39791"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-194112606",
"id": "GHSA-mm45-6cwc-xr83",
"modified": "2022-04-06T00:01:49Z",
"published": "2022-03-31T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39791"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MMH4-CVWV-5VMM
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2025-10-22 00:33Windows MSHTML Platform Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30040"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:17:12Z",
"severity": "HIGH"
},
"details": "Windows MSHTML Platform Security Feature Bypass Vulnerability",
"id": "GHSA-mmh4-cvwv-5vmm",
"modified": "2025-10-22T00:33:04Z",
"published": "2024-05-14T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30040"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-30040"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MQF8-4CQM-P83X
Vulnerability from github – Published: 2024-02-08 06:30 – Updated: 2024-02-08 18:30Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.portal.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.2.0"
},
{
"fixed": "7.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.3.0"
},
{
"fixed": "7.3.10.u4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.dxp.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.10.fp18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-25146"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-08T18:30:36Z",
"nvd_published_at": "2024-02-08T04:15:08Z",
"severity": "MODERATE"
},
"details": "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.",
"id": "GHSA-mqf8-4cqm-p83x",
"modified": "2024-02-08T18:30:36Z",
"published": "2024-02-08T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25146"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Liferay Portal allows attackers to discover the existence of sites"
}
GHSA-MQFP-QPVJ-GHJM
Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33Windows Cryptographic Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43546"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-08T18:15:19Z",
"severity": "MODERATE"
},
"details": "Windows Cryptographic Information Disclosure Vulnerability",
"id": "GHSA-mqfp-qpvj-ghjm",
"modified": "2024-10-08T18:33:16Z",
"published": "2024-10-08T18:33:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43546"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43546"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MQWW-8M23-JP5W
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-06 15:30In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21327"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:49Z",
"severity": "MODERATE"
},
"details": "In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-mqww-8m23-jp5w",
"modified": "2023-11-06T15:30:31Z",
"published": "2023-10-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21327"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MR6R-82X4-F4JJ
Vulnerability from github – Published: 2019-11-20 01:34 – Updated: 2021-08-18 22:40In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "simplito/elliptic-php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10764"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2019-11-19T03:07:02Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.",
"id": "GHSA-mr6r-82x4-f4jj",
"modified": "2021-08-18T22:40:49Z",
"published": "2019-11-20T01:34:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10764"
},
{
"type": "WEB",
"url": "https://github.com/simplito/elliptic-php/commit/15652609aa55968d56685c2a9120535ccdc00fd9"
},
{
"type": "WEB",
"url": "https://minerva.crocs.fi.muni.cz"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Timing attacks might allow practical recovery of the long-term private key"
}
GHSA-MVF6-W562-53X9
Vulnerability from github – Published: 2023-07-25 09:30 – Updated: 2025-02-13 18:31User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.This issue affects SureMDM On-premise: 6.31 and below version
{
"affected": [],
"aliases": [
"CVE-2023-3897"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-25T09:15:11Z",
"severity": "MODERATE"
},
"details": "User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.This issue affects SureMDM On-premise: 6.31 and below version\u00a0",
"id": "GHSA-mvf6-w562-53x9",
"modified": "2025-02-13T18:31:42Z",
"published": "2023-07-25T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3897"
},
{
"type": "WEB",
"url": "https://www.42gears.com/security-and-compliance"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/177179/SureMDM-On-Premise-CAPTCHA-Bypass-User-Enumeration.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MVXF-H63W-MQR2
Vulnerability from github – Published: 2025-01-21 21:30 – Updated: 2025-01-21 21:30Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2025-21510"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T21:15:16Z",
"severity": "HIGH"
},
"details": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"id": "GHSA-mvxf-h63w-mqr2",
"modified": "2025-01-21T21:30:55Z",
"published": "2025-01-21T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21510"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.