Common Weakness Enumeration

CWE-212

Allowed

Improper Removal of Sensitive Information Before Storage or Transfer

Abstraction: Base · Status: Incomplete

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

155 vulnerabilities reference this CWE, most recent first.

GHSA-QFM4-FRR3-P3PH

Vulnerability from github – Published: 2024-06-03 09:30 – Updated: 2024-06-03 09:30
VLAI
Details

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-03T08:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.",
  "id": "GHSA-qfm4-frr3-p3ph",
  "modified": "2024-06-03T09:30:47Z",
  "published": "2024-06-03T09:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31493"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QG67-MXC2-7GC6

Vulnerability from github – Published: 2022-06-01 00:00 – Updated: 2022-06-15 00:00
VLAI
Details

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-31T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.",
  "id": "GHSA-qg67-mxc2-7gc6",
  "modified": "2022-06-15T00:00:21Z",
  "published": "2022-06-01T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1893"
    },
    {
      "type": "WEB",
      "url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHG7-CQR2-QR57

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134155286",
  "id": "GHSA-qhg7-cqr2-qr57",
  "modified": "2022-05-24T17:41:45Z",
  "published": "2022-05-24T17:41:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0340"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-02-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QMQW-HP6J-FXQV

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-05-24 00:01
VLAI
Details

Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.",
  "id": "GHSA-qmqw-hp6j-fxqv",
  "modified": "2022-05-24T00:01:36Z",
  "published": "2022-05-13T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33080"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
    },
    {
      "type": "WEB",
      "url": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRQ2-Q88F-XPV2

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-8696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-12T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-qrq2-q88f-xpv2",
  "modified": "2022-05-24T17:34:11Z",
  "published": "2022-05-24T17:34:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8696"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201113-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R3XP-3WRM-G7W6

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2022-05-24 00:01
VLAI
Details

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.",
  "id": "GHSA-r3xp-3wrm-g7w6",
  "modified": "2022-05-24T00:01:37Z",
  "published": "2022-05-13T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33082"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
    },
    {
      "type": "WEB",
      "url": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R43M-59F7-VGFP

Vulnerability from github – Published: 2026-06-04 15:30 – Updated: 2026-06-04 18:30
VLAI
Details

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-36178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T15:16:51Z",
    "severity": "MODERATE"
  },
  "details": "The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.",
  "id": "GHSA-r43m-59f7-vgfp",
  "modified": "2026-06-04T18:30:31Z",
  "published": "2026-06-04T15:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36178"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md"
    },
    {
      "type": "WEB",
      "url": "http://gncc.com"
    },
    {
      "type": "WEB",
      "url": "http://gp5.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG3G-4RW9-GQRP

Vulnerability from github – Published: 2026-05-19 15:54 – Updated: 2026-05-19 15:54
VLAI
Summary
Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
Details

Summary

The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation.

The prior fix masks top-level Secret data in ServerSideDiff responses, but it does not fully sanitize Secret data stored inside the last-applied-configuration annotation. If a Secret was previously created or updated using client-side apply, that annotation may contain raw data, stringData, and sensitive annotations. These values can be shown in UI/CLI diffs.

Details

The ServerSideDiff endpoint returns ResourceDiff.TargetState / LiveState based on server-side dry-run output. Kubernetes server-side dry-run can return a full predicted live Secret object that carries forward existing live annotations, including:

kubectl.kubernetes.io/last-applied-configuration For Secrets created with client-side apply, that annotation can contain a JSON-serialized Secret manifest with sensitive values.

The masking path calls HideSecretData(target, live, ...). However, HideSecretData only rewrites the last-applied annotation on the second argument (live). In server-side diff, the first argument can be predictedLive, not a clean Git target. predictedLive can also contain kubectl.kubernetes.io/last-applied-configuration, so the first object’s embedded annotation can remain unmasked.

PoC

Create an app containing this Secret manifest:

apiVersion: v1
kind: Namespace
metadata:
  name: last-applied-secret-repro
---
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: last-applied-secret-repro
  annotations:
    app: test
    token: SECRETVAL
type: Opaque
data:
  password: U0VDUkVUVkFM
  username: U0VDUkVUVkFM

Create and Sync Argo App

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: last-applied-secret-repro
  namespace: argocd
  annotations:
    argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
spec:
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: last-applied-secret-repro
  source:
    repoURL: https://github.com/YOUR_ORG/YOUR_REPO.git
    targetRevision: HEAD
    path: last-applied-secret-repro
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true

Run argo cd app diff argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false

❯ argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false

===== /Secret last-applied-secret-repro/secret ======
10c10,11
<     kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"v1","data":{"password":"++++++++","username":"++++++++"},"kind":"Secret","metadata":{"annotations":{"app":"test","argocd.argoproj.io/tracking-id":"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret","token":"SECRETVAL"},"name":"secret","namespace":"last-applied-secret-repro"},"type":"Opaque"}'
---
>     kubectl.kubernetes.io/last-applied-configuration: |
>       {"apiVersion":"v1","data":{"password":"U0VDUkVUVkFM","username":"U0VDUkVUVkFM"},"kind":"Secret","metadata":{"annotations":{"app":"test","argocd.argoproj.io/tracking-id":"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret","token":"SECRETVAL"},"name":"secret","namespace":"last-applied-secret-repro"},"type":"Opaque"}

The secret value can be seen inside the diff

Impact

Authenticated Argo CD users who can view application diffs may be able to read Secret values that should be masked.

Impacted values include: Secret data embedded in kubectl.kubernetes.io/last-applied-configuration

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.2.11"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-cd/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.9"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-cd/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0-rc1"
            },
            {
              "fixed": "3.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.4.1"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-cd/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0-rc1"
            },
            {
              "fixed": "3.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-212"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-19T15:54:21Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe original fix for [GHSA-3v3m-wc6v-x4x3](https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3) is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation.\n\nThe prior fix masks top-level Secret data in ServerSideDiff responses, but it does not fully sanitize Secret data stored inside the last-applied-configuration annotation. If a Secret was previously created or updated using client-side apply, that annotation may contain raw data, stringData, and sensitive annotations. These values can be shown in UI/CLI diffs.\n\n### Details\nThe ServerSideDiff endpoint returns ResourceDiff.TargetState / LiveState based on server-side dry-run output. Kubernetes server-side dry-run can return a full predicted live Secret object that carries forward existing live annotations, including:\n\nkubectl.kubernetes.io/last-applied-configuration\nFor Secrets created with client-side apply, that annotation can contain a JSON-serialized Secret manifest with sensitive values.\n\nThe masking path calls HideSecretData(target, live, ...). However, HideSecretData only rewrites the last-applied annotation on the second argument (live). In server-side diff, the first argument can be predictedLive, not a clean Git target. predictedLive can also contain kubectl.kubernetes.io/last-applied-configuration, so the first object\u2019s embedded annotation can remain unmasked.\n\n### PoC\nCreate an app containing this Secret manifest:\n```yaml\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: last-applied-secret-repro\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: secret\n  namespace: last-applied-secret-repro\n  annotations:\n    app: test\n    token: SECRETVAL\ntype: Opaque\ndata:\n  password: U0VDUkVUVkFM\n  username: U0VDUkVUVkFM\n```\nCreate and Sync Argo App\n```yaml\napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n  name: last-applied-secret-repro\n  namespace: argocd\n  annotations:\n    argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true\nspec:\n  project: default\n  destination:\n    server: https://kubernetes.default.svc\n    namespace: last-applied-secret-repro\n  source:\n    repoURL: https://github.com/YOUR_ORG/YOUR_REPO.git\n    targetRevision: HEAD\n    path: last-applied-secret-repro\n  syncPolicy:\n    automated:\n      prune: true\n      selfHeal: true\n    syncOptions:\n      - CreateNamespace=true\n      - ServerSideApply=true\n```\nRun argo cd app diff\n`argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false`\n```\n\u276f argocd app diff last-applied-secret-repro --server-side-diff --exit-code=false\n\n===== /Secret last-applied-secret-repro/secret ======\n10c10,11\n\u003c     kubectl.kubernetes.io/last-applied-configuration: \u0027{\"apiVersion\":\"v1\",\"data\":{\"password\":\"++++++++\",\"username\":\"++++++++\"},\"kind\":\"Secret\",\"metadata\":{\"annotations\":{\"app\":\"test\",\"argocd.argoproj.io/tracking-id\":\"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret\",\"token\":\"SECRETVAL\"},\"name\":\"secret\",\"namespace\":\"last-applied-secret-repro\"},\"type\":\"Opaque\"}\u0027\n---\n\u003e     kubectl.kubernetes.io/last-applied-configuration: |\n\u003e       {\"apiVersion\":\"v1\",\"data\":{\"password\":\"U0VDUkVUVkFM\",\"username\":\"U0VDUkVUVkFM\"},\"kind\":\"Secret\",\"metadata\":{\"annotations\":{\"app\":\"test\",\"argocd.argoproj.io/tracking-id\":\"last-applied-secret-repro:/Secret:last-applied-secret-repro/secret\",\"token\":\"SECRETVAL\"},\"name\":\"secret\",\"namespace\":\"last-applied-secret-repro\"},\"type\":\"Opaque\"}\n```\nThe secret value can be seen inside the diff\n\n### Impact\nAuthenticated Argo CD users who can view application diffs may be able to read Secret values that should be masked.\n\nImpacted values include:\nSecret data embedded in kubectl.kubernetes.io/last-applied-configuration",
  "id": "GHSA-rg3g-4rw9-gqrp",
  "modified": "2026-05-19T15:54:22Z",
  "published": "2026-05-19T15:54:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-rg3g-4rw9-gqrp"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/argoproj/argo-cd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations"
}

GHSA-RJWH-HM8R-VG38

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2024-04-04 02:41
VLAI
Details

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19362"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-02T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges.",
  "id": "GHSA-rjwh-hm8r-vg38",
  "modified": "2024-04-04T02:41:31Z",
  "published": "2022-05-24T17:02:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19362"
    },
    {
      "type": "WEB",
      "url": "http://nestedif.com/teamviewer-vulnerability-improper-session-handling-leading-to-information-disclosure-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V97C-WM3X-XR3X

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-10-27 19:00
VLAI
Details

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-212"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random information from the firewall memory into the Ethernet packets. An attacker on the same Ethernet subnet as the PAN-OS firewall is able to collect potentially sensitive information from these packets. This issue is also known as Etherleak and is detected by security scanners as CVE-2003-0001. This issue impacts: PAN-OS 8.1 version earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.",
  "id": "GHSA-v97c-wm3x-xr3x",
  "modified": "2022-10-27T19:00:39Z",
  "published": "2022-05-24T17:39:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3031"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Requirements

Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-57
Implementation Operation

Strategy: Attack Surface Reduction

  • Some tools can automatically analyze documents to redact, strip, or "sanitize" private information, although some human review might be necessary. Tools may vary in terms of which document formats can be processed.
  • When calling an external program to automatically generate or convert documents, invoke the program with any available options that avoid generating sensitive metadata. Some formats have well-defined fields that could contain private data, such as Exchangeable image file format (Exif), which can contain potentially sensitive metadata such as geolocation, date, and time [REF-1515] [REF-1516].
Mitigation MIT-33
Implementation

Strategy: Attack Surface Reduction

Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.

Mitigation
Implementation

Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state.

CAPEC-168: Windows ::DATA Alternate Data Stream

An attacker exploits the functionality of Microsoft NTFS Alternate Data Streams (ADS) to undermine system security. ADS allows multiple "files" to be stored in one directory entry referenced as filename:streamname. One or more alternate data streams may be stored in any file or directory. Normal Microsoft utilities do not show the presence of an ADS stream attached to a file. The additional space for the ADS is not recorded in the displayed file size. The additional space for ADS is accounted for in the used space on the volume. An ADS can be any type of file. ADS are copied by standard Microsoft utilities between NTFS volumes. ADS can be used by an attacker or intruder to hide tools, scripts, and data from detection by normal system utilities. Many anti-virus programs do not check for or scan ADS. Windows Vista does have a switch (-R) on the command line DIR command that will display alternate streams.