Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-2VRQ-X473-Q93M

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.",
  "id": "GHSA-2vrq-x473-q93m",
  "modified": "2022-05-24T17:41:47Z",
  "published": "2022-05-24T17:41:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27140"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-passwords-logs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2WPH-4XPG-R884

Vulnerability from github – Published: 2023-12-12 12:30 – Updated: 2023-12-12 12:30
VLAI
Details

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-316"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-12T12:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions \u003c V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.",
  "id": "GHSA-2wph-4xpg-r884",
  "modified": "2023-12-12T12:30:53Z",
  "published": "2023-12-12T12:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46141"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887801.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2WXQ-944J-5G2V

Vulnerability from github – Published: 2025-04-02 15:31 – Updated: 2025-04-02 22:48
VLAI
Summary
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files
Details

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

As of publication of this advisory, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:stackhammer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-31726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-02T22:48:07Z",
    "nvd_published_at": "2025-04-02T15:16:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration.\n\nThese API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.\n\nAs of publication of this advisory, there is no fix.",
  "id": "GHSA-2wxq-944j-5g2v",
  "modified": "2025-04-02T22:48:07Z",
  "published": "2025-04-02T15:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31726"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/stackhammer-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3520"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files"
}

GHSA-3229-MFQX-WC57

Vulnerability from github – Published: 2023-10-04 12:30 – Updated: 2023-12-19 15:30
VLAI
Details

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-04T11:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.",
  "id": "GHSA-3229-mfqx-wc57",
  "modified": "2023-12-19T15:30:27Z",
  "published": "2023-10-04T12:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2809"
    },
    {
      "type": "WEB",
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-32X3-2QH2-V3W9

Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2025-07-23 15:31
VLAI
Details

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1265"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.",
  "id": "GHSA-32x3-2qh2-v3w9",
  "modified": "2025-07-23T15:31:07Z",
  "published": "2022-05-24T17:39:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1265"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnacid-OfeeRjcn"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-33J4-GGHF-CV63

Vulnerability from github – Published: 2026-02-03 00:30 – Updated: 2026-03-03 03:32
VLAI
Details

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key.

Note: The vulnerability is only triggered during a migration and not in a new installation. The system audit logs are accessible only to a privileged user on the server.

These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-12679"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T23:15:58Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Brocade SANnav before 2.4.0b prints the \nPassword-Based Encryption (PBE) key in plaintext in the system audit log\n file. The vulnerability could allow a remote authenticated attacker \nwith access to the audit logs to access the pbe key.\n\nNote: The vulnerability is only triggered during a migration and not \nin a new installation. The system audit logs are accessible only to a \nprivileged user on the server.\n\n\n\nThese audit logs are the local server VM\u2019s audit logs and are not \ncontrolled by SANnav. These logs are only visible to the server admin of\n the host server and are not visible to the SANnav admin or any SANnav \nuser.",
  "id": "GHSA-33j4-gghf-cv63",
  "modified": "2026-03-03T03:32:40Z",
  "published": "2026-02-03T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12679"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36845"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-362P-56C9-Q273

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2022-12-06 21:51
VLAI
Summary
Jenkins iceScrum Plugin stores credentials in Cleartext
Details

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:icescrum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-06T21:51:03Z",
    "nvd_published_at": "2019-10-16T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.",
  "id": "GHSA-362p-56c9-q273",
  "modified": "2022-12-06T21:51:03Z",
  "published": "2022-05-24T16:58:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10443"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/icescrum-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1436"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-933"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins iceScrum Plugin stores credentials in Cleartext"
}

GHSA-363V-5RH8-23WG

Vulnerability from github – Published: 2026-03-26 18:16 – Updated: 2026-03-27 21:40
VLAI
Summary
AVideo has Plaintext Video Password Storage
Details

Summary

AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to the database (via SQL injection, a database backup, or misconfigured access controls), they obtain all video passwords in cleartext.

Details

File: objects/video.php

Vulnerable setter:

public function setVideo_password($video_password)
{
    AVideoPlugin::onVideoSetVideo_password($this->id, $this->video_password, $video_password);
    $this->video_password = trim($video_password);
}

Vulnerable getter:

public function getVideo_password()
{
    if (empty($this->video_password)) {
        return '';
    }
    return trim($this->video_password);
}

The value assigned to $this->video_password is only trim()-ed before being persisted to the database column video_password in the videos table. There is no call to any hashing function (e.g., password_hash(), sha256, or similar).

When a visitor enters a password to access a protected video, the comparison is done directly against the stored plaintext:

// Comparison at access check:
if ($video->getVideo_password() === $_POST['password']) { ... }

This means: 1. Any database read (SQL injection, backup leak, hosting panel access) exposes all video passwords as cleartext. 2. Video passwords are often reused by users across other services, making this a credential harvesting risk. 3. The plaintext value is also present in application memory and any query logs.

PoC

  1. Set a password on any video via the AVideo admin/creator UI.
  2. Query the database: SELECT clean_title, video_password FROM videos WHERE video_password != '';
  3. All video passwords are returned in plaintext — no cracking required.

Alternatively, exploit any of the SQL injection vulnerabilities already reported in this repository to extract the video_password column directly.

Impact

  • Type: Cleartext Storage of Sensitive Information (CWE-312)
  • Severity: High
  • Authentication required: No — any database read access (including via SQL injection by unauthenticated users) exposes all passwords
  • Impact: Full exposure of all video access passwords; credential reuse attacks against users who share passwords across services
  • Fix: Hash video passwords on write using password_hash($video_password, PASSWORD_BCRYPT) and verify on read using password_verify($_POST['password'], $stored_hash)
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "wwbn/avideo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "26.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T18:16:39Z",
    "nvd_published_at": "2026-03-27T17:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nAVideo allows content owners to password-protect individual videos. The video password is stored in the database in **plaintext** \u2014 no hashing, salting, or encryption is applied. If an attacker gains read access to the database (via SQL injection, a database backup, or misconfigured access controls), they obtain all video passwords in cleartext.\n\n### Details\n\n**File:** `objects/video.php`\n\n**Vulnerable setter:**\n```php\npublic function setVideo_password($video_password)\n{\n    AVideoPlugin::onVideoSetVideo_password($this-\u003eid, $this-\u003evideo_password, $video_password);\n    $this-\u003evideo_password = trim($video_password);\n}\n```\n\n**Vulnerable getter:**\n```php\npublic function getVideo_password()\n{\n    if (empty($this-\u003evideo_password)) {\n        return \u0027\u0027;\n    }\n    return trim($this-\u003evideo_password);\n}\n```\n\nThe value assigned to `$this-\u003evideo_password` is only `trim()`-ed before being persisted to the database column `video_password` in the `videos` table. There is no call to any hashing function (e.g., `password_hash()`, `sha256`, or similar).\n\nWhen a visitor enters a password to access a protected video, the comparison is done directly against the stored plaintext:\n```php\n// Comparison at access check:\nif ($video-\u003egetVideo_password() === $_POST[\u0027password\u0027]) { ... }\n```\n\nThis means:\n1. Any database read (SQL injection, backup leak, hosting panel access) exposes all video passwords as cleartext.\n2. Video passwords are often reused by users across other services, making this a credential harvesting risk.\n3. The plaintext value is also present in application memory and any query logs.\n\n### PoC\n\n1. Set a password on any video via the AVideo admin/creator UI.\n2. Query the database: `SELECT clean_title, video_password FROM videos WHERE video_password != \u0027\u0027;`\n3. All video passwords are returned in plaintext \u2014 no cracking required.\n\nAlternatively, exploit any of the SQL injection vulnerabilities already reported in this repository to extract the `video_password` column directly.\n\n### Impact\n\n- **Type:** Cleartext Storage of Sensitive Information (CWE-312)\n- **Severity:** High\n- **Authentication required:** No \u2014 any database read access (including via SQL injection by unauthenticated users) exposes all passwords\n- **Impact:** Full exposure of all video access passwords; credential reuse attacks against users who share passwords across services\n- **Fix:** Hash video passwords on write using `password_hash($video_password, PASSWORD_BCRYPT)` and verify on read using `password_verify($_POST[\u0027password\u0027], $stored_hash)`",
  "id": "GHSA-363v-5rh8-23wg",
  "modified": "2026-03-27T21:40:51Z",
  "published": "2026-03-26T18:16:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-363v-5rh8-23wg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33867"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/f2d68d2adbf73588ea61be2b781d93120a819e36"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WWBN/AVideo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AVideo has Plaintext Video Password Storage"
}

GHSA-379R-VG26-3RR8

Vulnerability from github – Published: 2025-04-11 18:31 – Updated: 2025-04-11 18:31
VLAI
Details

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.

In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring .

The administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

Customer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.

Prisma® Access is not impacted by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0123"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-11T18:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Palo Alto Networks PAN-OS\u00ae software enables unlicensed administrators to view clear-text data captured using the  packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture  in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted.\n\nIn normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to  configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring .\n\nThe administrator must obtain network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. Risk of this issue can be greatly reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses according to our recommended  critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nCustomer firewall administrators do not have access to the packet capture feature in Cloud NGFW. This feature is available only to authorized Palo Alto Networks personnel permitted to perform troubleshooting.\n\nPrisma\u00ae Access is not impacted by this vulnerability.",
  "id": "GHSA-379r-vg26-3rr8",
  "modified": "2025-04-11T18:31:09Z",
  "published": "2025-04-11T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0123"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2025-0123"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-37CF-R3W2-GJFW

Vulnerability from github – Published: 2020-06-05 16:09 – Updated: 2024-09-16 22:30
VLAI
Summary
django-nopassword stores secrets in cleartext
Details

django-nopassword before 5.0.0 stores cleartext secrets in the database.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "django-nopassword"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10682"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312",
      "CWE-522"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-04T18:34:53Z",
    "nvd_published_at": "2020-03-18T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "django-nopassword before 5.0.0 stores cleartext secrets in the database.",
  "id": "GHSA-37cf-r3w2-gjfw",
  "modified": "2024-09-16T22:30:29Z",
  "published": "2020-06-05T16:09:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10682"
    },
    {
      "type": "WEB",
      "url": "https://github.com/relekang/django-nopassword/commit/d8b4615f5fbfe3997d96cf4cb3e342406396193c"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-37cf-r3w2-gjfw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-nopassword/PYSEC-2020-229.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/relekang/django-nopassword"
    },
    {
      "type": "WEB",
      "url": "https://github.com/relekang/django-nopassword/blob/8e8cfc765ee00adfed120c2c79bf71ef856e9022/nopassword/models.py#L14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/relekang/django-nopassword/compare/v4.0.1...v5.0.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "django-nopassword stores secrets in cleartext "
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.