CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-X74M-V58J-5GPR
Vulnerability from github – Published: 2023-12-05 00:31 – Updated: 2023-12-08 18:30In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-40090"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-04T23:15:24Z",
"severity": "MODERATE"
},
"details": "In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-x74m-v58j-5gpr",
"modified": "2023-12-08T18:30:40Z",
"published": "2023-12-05T00:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40090"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/495417bd068c35de0729d9a332639bd0699153ff"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X75H-JR86-MJ5X
Vulnerability from github – Published: 2023-01-10 09:30 – Updated: 2023-01-20 09:30** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
{
"affected": [],
"aliases": [
"CVE-2022-48251"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-10T07:15:00Z",
"severity": "HIGH"
},
"details": "** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is \"intrinsically resistant\" to side-channel attacks. NOTE: the vendor reportedly offers the position \"while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture.\"",
"id": "GHSA-x75h-jr86-mj5x",
"modified": "2023-01-20T09:30:30Z",
"published": "2023-01-10T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48251"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2022/230"
},
{
"type": "WEB",
"url": "https://eshard.com/posts/sca-attacks-on-armv8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XCMG-8X29-M9M4
Vulnerability from github – Published: 2025-09-24 09:30 – Updated: 2026-06-05 12:31Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
{
"affected": [],
"aliases": [
"CVE-2025-9031"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T09:15:31Z",
"severity": "MODERATE"
},
"details": "Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.",
"id": "GHSA-xcmg-8x29-m9m4",
"modified": "2026-06-05T12:31:43Z",
"published": "2025-09-24T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9031"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0293"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-25-0293"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XCWC-HMJ9-Q3X5
Vulnerability from github – Published: 2024-10-23 00:31 – Updated: 2024-10-23 21:30Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames.
{
"affected": [],
"aliases": [
"CVE-2024-48644"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-22T22:15:05Z",
"severity": "MODERATE"
},
"details": "Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such as brute-forcing of passwords. The vulnerability arises from the application responding differently to login attempts with valid and invalid usernames.",
"id": "GHSA-xcwc-hmj9-q3x5",
"modified": "2024-10-23T21:30:28Z",
"published": "2024-10-23T00:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48644"
},
{
"type": "WEB",
"url": "https://github.com/rosembergpro/CVE-2024-48644"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XGP9-J48H-JJF9
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2024-01-11 17:45Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.5-p2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-9690"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-11T17:45:10Z",
"nvd_published_at": "2020-07-29T13:15:00Z",
"severity": "MODERATE"
},
"details": "Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.",
"id": "GHSA-xgp9-j48h-jjf9",
"modified": "2024-01-11T17:45:10Z",
"published": "2022-05-24T17:24:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9690"
},
{
"type": "WEB",
"url": "https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e"
},
{
"type": "PACKAGE",
"url": "https://github.com/magento/magento2"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/magento/apsb20-47.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Magento observable timing discrepancy vulnerability"
}
GHSA-XGQC-3VHW-CPHP
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-11-04 12:32A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.
{
"affected": [],
"aliases": [
"CVE-2024-5124"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T19:16:03Z",
"severity": "HIGH"
},
"details": "A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the \u0027=\u0027 operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character\u0027s comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.",
"id": "GHSA-xgqc-3vhw-cphp",
"modified": "2024-11-04T12:32:55Z",
"published": "2024-06-06T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5124"
},
{
"type": "WEB",
"url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/e46ec4ecd896bc3c88eb9a2f44e8593f3c6761b4"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XGQM-C7VM-24XF
Vulnerability from github – Published: 2026-06-19 21:32 – Updated: 2026-06-19 21:32Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration.
{
"affected": [],
"aliases": [
"CVE-2023-54357"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-19T19:16:25Z",
"severity": "HIGH"
},
"details": "Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration.",
"id": "GHSA-xgqm-c7vm-24xf",
"modified": "2026-06-19T21:32:47Z",
"published": "2026-06-19T21:32:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54357"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/51595"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/joomla-com-booking-information-disclosure-via-account-enumeration"
},
{
"type": "WEB",
"url": "http://www.artio.net"
},
{
"type": "WEB",
"url": "http://www.artio.net/downloads/joomla/book-it/book-it-2-free/download"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XH44-F8RG-H6H3
Vulnerability from github – Published: 2022-04-30 18:14 – Updated: 2022-04-30 18:14The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
{
"affected": [],
"aliases": [
"CVE-2000-1117"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2001-01-09T05:00:00Z",
"severity": "MODERATE"
},
"details": "The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.",
"id": "GHSA-xh44-f8rg-h6h3",
"modified": "2022-04-30T18:14:56Z",
"published": "2022-04-30T18:14:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2000-1117"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0341.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/1994"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XHGH-27M4-WCGP
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.
{
"affected": [],
"aliases": [
"CVE-2017-18268"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T13:29:00Z",
"severity": "MODERATE"
},
"details": "Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required to decrypt the pre-recorded SSL session.",
"id": "GHSA-xhgh-27m4-wcgp",
"modified": "2022-05-13T01:06:08Z",
"published": "2022-05-13T01:06:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18268"
},
{
"type": "WEB",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA160"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104164"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XHJX-8QJQ-PCP5
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-07 03:30In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-21333"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:49Z",
"severity": "MODERATE"
},
"details": "In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-xhjx-8qjq-pcp5",
"modified": "2023-11-07T03:30:25Z",
"published": "2023-10-30T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21333"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.