Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-W8VH-P74J-X9XP

Vulnerability from github – Published: 2023-12-18 20:01 – Updated: 2023-12-22 22:23
VLAI
Summary
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Details

Impact

What kind of vulnerability is it? Who is impacted?

Original Report:

The Oauth1/2 "state" and OpenID Connect "nonce" is vulnerable for a "timing attack" since it's compared via regular string comparison (instead of Yii::$app->getSecurity()->compareString()).

Affected Code:

  1. OAuth 1 "state"

    https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158

  2. OAuth 2 "state"

    https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121

  3. OpenID Connect "nonce"

    https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420

Patches

Has the problem been patched? What versions should users upgrade to?

TBD: Replace strcmp with Yii::$app->getSecurity()->compareString()).

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

not as far as I see.

References

Are there any links users can visit to find out more?

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.2.14"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "yiisoft/yii2-authclient"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-18T20:01:00Z",
    "nvd_published_at": "2023-12-22T19:15:08Z",
    "severity": "LOW"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nOriginal Report:\n\n\u003e The Oauth1/2 \"state\" and OpenID Connect \"nonce\" is vulnerable for a \"timing attack\" since it\u0027s compared via regular string \n\u003e comparison (instead of `Yii::$app-\u003egetSecurity()-\u003ecompareString()`).\n\nAffected Code:\n\n1. OAuth 1 \"state\"\n\n    https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158\n\n3. OAuth 2 \"state\"\n    \n    https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121\n\n4. OpenID Connect \"nonce\"\n    \n    https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420\n\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nTBD: Replace strcmp with  `Yii::$app-\u003egetSecurity()-\u003ecompareString()`).\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nnot as far as I see.\n\n### References\n_Are there any links users can visit to find out more?_\n",
  "id": "GHSA-w8vh-p74j-x9xp",
  "modified": "2023-12-22T22:23:51Z",
  "published": "2023-12-18T20:01:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50708"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/yiisoft/yii2-authclient"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation"
}

GHSA-W935-5MJ5-XQ67

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-03-21 03:33
VLAI
Details

** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: At Coinkite, we?ve already mitigated it, even though we feel strongly that it is not a legitimate issue. In our opinion, it is both unproven (might not even work) and also completely impractical?even if it could be made to work perfectly.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-31T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device\u0027s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device\u0027s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: At Coinkite, we?ve already mitigated it, even though we feel strongly that it is not a legitimate issue. In our opinion, it is both unproven (might not even work) and also completely impractical?even if it could be made to work perfectly.",
  "id": "GHSA-w935-5mj5-xq67",
  "modified": "2024-03-21T03:33:41Z",
  "published": "2022-05-24T17:00:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14356"
    },
    {
      "type": "WEB",
      "url": "https://blog.coinkite.com/noise-troll"
    },
    {
      "type": "WEB",
      "url": "https://github.com/someone42/hardware-bitcoin-wallet/blob/master/pic32/ssd1306.c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9W3-F8Q7-X576

Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2025-11-11 18:30
VLAI
Details

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.",
  "id": "GHSA-w9w3-f8q7-x576",
  "modified": "2025-11-11T18:30:13Z",
  "published": "2022-05-24T19:06:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33624"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db"
    },
    {
      "type": "WEB",
      "url": "https://github.com/benschlueter/CVE-2021-33624"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/06/21/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WC3X-QJ47-37MG

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2024-04-04 02:54
VLAI
Details

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-25T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a \"projective coordinates leak.\"",
  "id": "GHSA-wc3x-qj47-37mg",
  "modified": "2024-04-04T02:54:35Z",
  "published": "2022-05-24T17:21:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11735"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stable"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WC7Q-3X28-QJ26

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-12-26 03:30
VLAI
Details

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36422"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-19T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.",
  "id": "GHSA-wc7q-3x28-qj26",
  "modified": "2022-12-26T03:30:21Z",
  "published": "2022-05-24T19:08:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36422"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/730752"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WF7P-GXJ9-33JQ

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI
Details

In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191768014",
  "id": "GHSA-wf7p-gxj9-33jq",
  "modified": "2022-04-06T00:01:50Z",
  "published": "2022-03-31T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39788"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-12l"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WFCC-PFF6-RGC5

Vulnerability from github – Published: 2018-10-19 16:15 – Updated: 2023-08-15 20:33
VLAI
Summary
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
Details

Jetty through 9.4.x contains a timing channel attack in util/security/Password.java, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.4.5.v20170502"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.4.0"
            },
            {
              "fixed": "9.4.6.v20170531"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.3.19.v20170502"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.3.0"
            },
            {
              "fixed": "9.3.20.v20170531"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.2.21.v20170120"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.2.22.v20170606"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-9735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:00:10Z",
    "nvd_published_at": "2017-06-16T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Jetty through 9.4.x contains a timing channel attack in `util/security/Password.java`, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords.",
  "id": "GHSA-wfcc-pff6-rgc5",
  "modified": "2023-08-15T20:33:37Z",
  "published": "2018-10-19T16:15:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9735"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/jetty.project/issues/1556"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/864631"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/eclipse/jetty.project"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559@%3Ccommon-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f887a5978f5e4c62b9cfe876336628385cff429e796962649649ec8a@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20170826163336/http://www.securityfocus.com/bid/99104"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jetty vulnerable to exposure of sensitive information due to observable discrepancy"
}

GHSA-WFJW-W6PV-8P7F

Vulnerability from github – Published: 2022-02-01 00:47 – Updated: 2025-03-07 19:09
VLAI
Summary
Observable Response Discrepancy in Flask-AppBuilder
Details

Impact

User enumeration in database authentication in Flask-AppBuilder < 3.4.4. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in.

Patches

Upgrade to 3.4.4

Workarounds

References

For more information

If you have any questions or comments about this advisory: * Open an issue in example link to repo * Email us at example email address

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Flask-AppBuilder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-204"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-31T20:19:12Z",
    "nvd_published_at": "2022-01-31T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nUser enumeration in database authentication in Flask-AppBuilder  \u003c 3.4.4. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in.\n\n### Patches\nUpgrade to 3.4.4\n\n### Workarounds\n\n### References\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [example link to repo](http://example.com)\n* Email us at [example email address](mailto:example@example.com)",
  "id": "GHSA-wfjw-w6pv-8p7f",
  "modified": "2025-03-07T19:09:24Z",
  "published": "2022-02-01T00:47:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21659"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/pull/1775"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Observable Response Discrepancy in Flask-AppBuilder"
}

GHSA-WFP4-223F-X5RM

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30
VLAI
Details

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45416"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Keyboard events reference strings like \"KeyA\" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107.",
  "id": "GHSA-wfp4-223f-x5rm",
  "modified": "2025-04-15T15:30:36Z",
  "published": "2022-12-22T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45416"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1793676"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-47"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-48"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-49"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WFQX-GH2P-77P7

Vulnerability from github – Published: 2024-12-20 09:31 – Updated: 2026-04-08 18:33
VLAI
Details

The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11297"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-20T07:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The Page Restriction WordPress (WP) \u2013 Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.",
  "id": "GHSA-wfqx-gh2p-77p7",
  "modified": "2026-04-08T18:33:46Z",
  "published": "2024-12-20T09:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11297"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3212690%40page-and-post-restriction\u0026new=3212690%40page-and-post-restriction\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/page-and-post-restriction"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d12ab8c-d5d0-4e02-986e-e894fae073e5?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.