Common Weakness Enumeration

CWE-312

Allowed

Cleartext Storage of Sensitive Information

Abstraction: Base · Status: Draft

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

1017 vulnerabilities reference this CWE, most recent first.

GHSA-MF9W-62P6-2JH9

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-31T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.",
  "id": "GHSA-mf9w-62p6-2jh9",
  "modified": "2022-05-13T01:02:36Z",
  "published": "2022-05-13T01:02:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0876"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFQ2-2PHJ-F7GW

Vulnerability from github – Published: 2023-02-17 18:30 – Updated: 2023-03-01 21:30
VLAI
Details

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-17T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.",
  "id": "GHSA-mfq2-2phj-f7gw",
  "modified": "2023-03-01T21:30:20Z",
  "published": "2023-02-17T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41734"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237587"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6857605"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG2X-MGGJ-6955

Vulnerability from github – Published: 2024-01-24 15:30 – Updated: 2024-01-31 14:55
VLAI
Summary
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Details

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.

This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow-providers-cncf-kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-51702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-24T21:13:06Z",
    "nvd_published_at": "2024-01-24T13:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.\n\nThis behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.",
  "id": "GHSA-mg2x-mggj-6955",
  "modified": "2024-01-31T14:55:45Z",
  "published": "2024-01-24T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51702"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/29498"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/30110"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/36492"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/24/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service"
}

GHSA-MGXH-X4JJ-4GRV

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-13T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1\u00265 URI.",
  "id": "GHSA-mgxh-x4jj-4grv",
  "modified": "2022-05-24T17:42:08Z",
  "published": "2022-05-24T17:42:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27210"
    },
    {
      "type": "WEB",
      "url": "https://gokay.org/tp-links-archer-c5v-improper-authorization"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MJ3G-5JVR-4W7H

Vulnerability from github – Published: 2023-07-03 21:30 – Updated: 2024-04-04 05:21
VLAI
Details

?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-256",
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-03T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "\n?All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into memory, including sensitive information associated with document, such as password. The attacker could then obtain the plaintext password by using a memory viewer.\n\n",
  "id": "GHSA-mj3g-5jvr-4w7h",
  "modified": "2024-04-04T05:21:00Z",
  "published": "2023-07-03T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3395"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MJ6G-39XM-96Q9

Vulnerability from github – Published: 2024-04-09 00:30 – Updated: 2025-03-13 15:32
VLAI
Details

The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T23:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The NMAP Importer service\u200b may expose data store credentials to authorized users of the Windows Registry.",
  "id": "GHSA-mj6g-39xm-96q9",
  "modified": "2025-03-13T15:32:30Z",
  "published": "2024-04-09T00:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23584"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MM6H-6R59-4W65

Vulnerability from github – Published: 2024-06-11 21:32 – Updated: 2024-06-11 21:32
VLAI
Details

A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T19:16:06Z",
    "severity": "LOW"
  },
  "details": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to an\u0002other control sphere.",
  "id": "GHSA-mm6h-6r59-4w65",
  "modified": "2024-06-11T21:32:17Z",
  "published": "2024-06-11T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28024"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194\u0026languageCode=en\u0026Preview=true"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPHF-MF2V-25FF

Vulnerability from github – Published: 2022-07-02 00:00 – Updated: 2022-07-09 00:00
VLAI
Details

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-01T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.",
  "id": "GHSA-mphf-mf2v-25ff",
  "modified": "2022-07-09T00:00:23Z",
  "published": "2022-07-02T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22366"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221006"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6600065"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MPJ6-2M9M-7RV8

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21
VLAI
Details

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-29T14:15:00Z",
    "severity": "LOW"
  },
  "details": "BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.",
  "id": "GHSA-mpj6-2m9m-7rv8",
  "modified": "2022-05-24T17:21:57Z",
  "published": "2022-05-24T17:21:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18254"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MPM3-WR5W-85GH

Vulnerability from github – Published: 2025-08-06 21:31 – Updated: 2025-08-07 15:33
VLAI
Details

Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-51055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-06T21:15:30Z",
    "severity": "HIGH"
  },
  "details": "Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.",
  "id": "GHSA-mpm3-wr5w-85gh",
  "modified": "2025-08-07T15:33:12Z",
  "published": "2025-08-06T21:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51055"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jacopoaugelli/vedo-suite-exploits"
    },
    {
      "type": "WEB",
      "url": "http://bottinelli.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

Mitigation
Implementation System Configuration Operation

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.