Common Weakness Enumeration

CWE-488

Allowed

Exposure of Data Element to Wrong Session

Abstraction: Base · Status: Draft

The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.

50 vulnerabilities reference this CWE, most recent first.

CVE-2025-47928 (GCVE-0-2025-47928)

Vulnerability from cvelistv5 – Published: 2025-05-15 20:09 – Updated: 2025-05-15 20:18
VLAI
Title
Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`
Summary
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possible to exfiltrate `GITHUB_TOKEN` and secrets `SPOTIPY_CLIENT_ID`, `SPOTIPY_CLIENT_SECRET`. In particular `GITHUB_TOKEN` which can be used to completely overtake the repo since the token has content write privileges. The `pull_request_target` in GitHub Actions is a major security concern—especially in public repositories—because it executes untrusted code from a PR, but with the context of the base repository, including access to its secrets. Commit 9dfb7177b8d7bb98a5a6014f8e6436812a47576f reverted the change that caused the issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
Impacted products
Vendor Product Version
spotipy-dev spotipy Affected: = 4f5759dbfb4506c7b6280572a4db1aabc1ac778d
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47928",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T20:17:02.996955Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T20:18:00.369Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "spotipy",
          "vendor": "spotipy-dev",
          "versions": [
            {
              "status": "affected",
              "version": "= 4f5759dbfb4506c7b6280572a4db1aabc1ac778d"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possible to exfiltrate `GITHUB_TOKEN` and secrets `SPOTIPY_CLIENT_ID`,  `SPOTIPY_CLIENT_SECRET`. In particular `GITHUB_TOKEN` which can be used to completely overtake the repo since the token has content write privileges. The `pull_request_target` in GitHub Actions is a major security concern\u2014especially in public repositories\u2014because it executes untrusted code from a PR, but with the context of the base repository, including access to its secrets. Commit 9dfb7177b8d7bb98a5a6014f8e6436812a47576f reverted the change that caused the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-15T20:09:48.326Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-h25v-8c87-rvm8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-h25v-8c87-rvm8"
        },
        {
          "name": "https://github.com/spotipy-dev/spotipy/commit/4f5759dbfb4506c7b6280572a4db1aabc1ac778d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spotipy-dev/spotipy/commit/4f5759dbfb4506c7b6280572a4db1aabc1ac778d"
        },
        {
          "name": "https://github.com/spotipy-dev/spotipy/commit/9dfb7177b8d7bb98a5a6014f8e6436812a47576f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/spotipy-dev/spotipy/commit/9dfb7177b8d7bb98a5a6014f8e6436812a47576f"
        }
      ],
      "source": {
        "advisory": "GHSA-h25v-8c87-rvm8",
        "discovery": "UNKNOWN"
      },
      "title": "Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47928",
    "datePublished": "2025-05-15T20:09:48.326Z",
    "dateReserved": "2025-05-14T10:32:43.528Z",
    "dateUpdated": "2025-05-15T20:18:00.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27606 (GCVE-0-2025-27606)

Vulnerability from cvelistv5 – Published: 2025-03-14 16:56 – Updated: 2025-03-14 18:11
VLAI
Title
Element Android PIN autologout bypass
Summary
Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
Impacted products
Vendor Product Version
element-hq element-android Affected: < 1.6.34
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27606",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T18:07:15.449909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T18:11:03.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "element-android",
          "vendor": "element-hq",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.34"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T16:56:23.217Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/element-hq/element-android/security/advisories/GHSA-632v-9pm3-m8ch"
        },
        {
          "name": "https://github.com/element-hq/element-android/commit/53bd78b05de375c6e6b0b5aa794a56b4ba95984c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/element-hq/element-android/commit/53bd78b05de375c6e6b0b5aa794a56b4ba95984c"
        },
        {
          "name": "https://github.com/element-hq/element-android/commit/87d7fcdc8036a4db4da8c403f87c73a64a546304",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/element-hq/element-android/commit/87d7fcdc8036a4db4da8c403f87c73a64a546304"
        }
      ],
      "source": {
        "advisory": "GHSA-632v-9pm3-m8ch",
        "discovery": "UNKNOWN"
      },
      "title": "Element Android PIN autologout bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27606",
    "datePublished": "2025-03-14T16:56:23.217Z",
    "dateReserved": "2025-03-03T15:10:34.079Z",
    "dateUpdated": "2025-03-14T18:11:03.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24934 (GCVE-0-2025-24934)

Vulnerability from cvelistv5 – Published: 2025-10-22 17:43 – Updated: 2026-04-23 23:48
VLAI
Title
SO_REUSEPORT_LB breaks connect(2) for UDP sockets
Summary
Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect(2) and implied connect via sendto(2), and may leave the application vulnerable to spoofing attacks. The kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel will match a socket belonging to a load-balancing group even if it is connected, in violation of the contract that connected sockets are only supposed to receive packets originating from the connected host.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
References
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 15.0-BETA2 , < p1 (beta)
Affected: 14.3-RELEASE , < p5 (release)
Affected: 13.5-RELEASE , < p6 (release)
Create a notification for this product.
Date Public
2025-10-22 17:00
Credits
MSc. student Omer Ben Simhon from the Hebrew University School of Computer Science and Engineering Prof. Amit Klein from the Hebrew University School of Computer Science and Engineering
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-24934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T19:58:47.874750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T20:01:34.413Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "netinet"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p1",
              "status": "affected",
              "version": "15.0-BETA2",
              "versionType": "beta"
            },
            {
              "lessThan": "p5",
              "status": "affected",
              "version": "14.3-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p6",
              "status": "affected",
              "version": "13.5-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "MSc. student Omer Ben Simhon from the Hebrew University School of Computer Science and Engineering"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Prof. Amit Klein from the Hebrew University School of Computer Science and Engineering"
        }
      ],
      "datePublic": "2025-10-22T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eSoftware which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems.  However, due to its membership in a load-balancing group, that socket will receive packets originating from any host.  This breaks the contract of the connect(2) and implied connect via sendto(2), and may leave the application vulnerable to spoofing attacks.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe kernel failed to check the connection state of sockets when adding them to load-balancing groups.  Furthermore, when looking up the destination socket for an incoming packet, the kernel will match a socket belonging to a load-balancing group even if it is connected, in violation of the contract that connected sockets\u0026nbsp;are only supposed to receive packets originating from the connected host.\u003c/div\u003e"
            }
          ],
          "value": "Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems.  However, due to its membership in a load-balancing group, that socket will receive packets originating from any host.  This breaks the contract of the connect(2) and implied connect via sendto(2), and may leave the application vulnerable to spoofing attacks.\n\n\n\n\nThe kernel failed to check the connection state of sockets when adding them to load-balancing groups.  Furthermore, when looking up the destination socket for an incoming packet, the kernel will match a socket belonging to a load-balancing group even if it is connected, in violation of the contract that connected sockets\u00a0are only supposed to receive packets originating from the connected host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T23:48:50.271Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:09.netinet.asc"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.usenix.org/system/files/conference/usenixsecurity26/sec26_prepub_ben-simhon.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SO_REUSEPORT_LB breaks connect(2) for UDP sockets",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2025-24934",
    "datePublished": "2025-10-22T17:43:12.326Z",
    "dateReserved": "2025-01-29T03:07:26.190Z",
    "dateUpdated": "2026-04-23T23:48:50.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15576 (GCVE-0-2025-15576)

Vulnerability from cvelistv5 – Published: 2026-03-09 11:54 – Updated: 2026-03-10 18:56
VLAI
Title
Jail chroot escape via fd exchange with a different jail
Summary
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
  • CWE-488 - Exposure of Data Element to Wrong Session
  • CWE-790 - Improper Filtering of Special Elements
Assigner
References
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 14.3-RELEASE , < p9 (release)
Affected: 13.5-RELEASE , < p10 (release)
Create a notification for this product.
Date Public
2026-02-24 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-15576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T18:56:28.342905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T18:56:48.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "jail"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p9",
              "status": "affected",
              "version": "14.3-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p10",
              "status": "affected",
              "version": "13.5-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "datePublic": "2026-02-24T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one.\n\nIn this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other.\n\nWhen performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process.  If the jail root directory is not encountered, the lookup continues.\n\nIn a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process\u0027 jail root.  This enables full filesystem access for a jailed process, breaking the chroot.\n\nNote that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-790",
              "description": "CWE-790: Improper Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-09T11:54:20.630Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:04.jail.asc"
        }
      ],
      "title": "Jail chroot escape via fd exchange with a different jail",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2025-15576",
    "datePublished": "2026-03-09T11:54:20.630Z",
    "dateReserved": "2026-02-09T17:48:45.726Z",
    "dateUpdated": "2026-03-10T18:56:48.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2312 (GCVE-0-2025-2312)

Vulnerability from cvelistv5 – Published: 2025-03-25 18:08 – Updated: 2025-03-25 18:23
VLAI
Title
cifs.upcall makes an upcall to the wrong namespace in containerized environments
Summary
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
cifs-utils cifs-utils Affected: 0 , < 7.2 (semver)
Create a notification for this product.
Date Public
2024-11-11 03:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2312",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T18:22:51.623724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T18:23:15.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "cifs-utils",
          "vendor": "cifs-utils",
          "versions": [
            {
              "lessThan": "7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-11T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache."
            }
          ],
          "value": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-25T18:08:02.848Z",
        "orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be",
        "shortName": "redhat-cnalr"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb?id=db363b0a1d9e6b9dc556296f1b1007aeb496a8cf"
        }
      ],
      "title": "cifs.upcall  makes an upcall to the wrong namespace in containerized environments"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be",
    "assignerShortName": "redhat-cnalr",
    "cveId": "CVE-2025-2312",
    "datePublished": "2025-03-25T18:08:02.848Z",
    "dateReserved": "2025-03-14T14:44:33.471Z",
    "dateUpdated": "2025-03-25T18:23:15.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1247 (GCVE-0-2025-1247)

Vulnerability from cvelistv5 – Published: 2025-02-13 13:26 – Updated: 2026-03-23 16:52
VLAI
Title
Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
Summary
A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 , < 3.18.2 (semver)
Red Hat Red Hat Build of Apache Camel 4.8 for Quarkus 3.15     cpe:/a:redhat:camel_quarkus:3.15
Create a notification for this product.
Red Hat Red Hat build of Quarkus 3.15.3.SP1     cpe:/a:redhat:quarkus:3.15::el8
Create a notification for this product.
Red Hat Red Hat build of Quarkus 3.8.6.SP3     cpe:/a:redhat:quarkus:3.8::el8
Create a notification for this product.
Date Public
2025-02-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1247",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T14:11:32.786242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T14:11:38.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/quarkusio/quarkus/",
          "defaultStatus": "unaffected",
          "packageName": "quarkus-rest",
          "versions": [
            {
              "lessThan": "3.18.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_quarkus:3.15"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus/quarkus-rest",
          "product": "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3.15::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus/quarkus-rest",
          "product": "Red Hat build of Quarkus 3.15.3.SP1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3.8::el8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus/quarkus-rest",
          "product": "Red Hat build of Quarkus 3.8.6.SP3",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T16:52:29.190Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:1884",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:1884"
        },
        {
          "name": "RHSA-2025:1885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:1885"
        },
        {
          "name": "RHSA-2025:2067",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2067"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-1247"
        },
        {
          "name": "RHBZ#2345172",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345172"
        },
        {
          "url": "https://github.com/quarkusio/quarkus/issues/45789"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-12T09:30:25.106Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-12T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-488: Exposure of Data Element to Wrong Session"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-1247",
    "datePublished": "2025-02-13T13:26:26.992Z",
    "dateReserved": "2025-02-12T09:43:11.716Z",
    "dateUpdated": "2026-03-23T16:52:29.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41977 (GCVE-0-2024-41977)

Vulnerability from cvelistv5 – Published: 2024-08-13 07:54 – Updated: 2024-08-13 16:01
VLAI
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
Impacted products
Vendor Product Version
Siemens RUGGEDCOM RM1224 LTE(4G) EU Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RM1224 LTE(4G) NAM Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M804PB Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M812-1 ADSL-Router family Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M816-1 ADSL-Router family Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M826-2 SHDSL-Router Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M874-2 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M874-3 3G-Router (CN) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-3 (ROK) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (EU) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE M876-4 (NAM) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (A1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (B1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM853-1 (EU) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (A1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (B1) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (CN) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (EU) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE MUM856-1 (RoW) Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE S615 EEC LAN-Router Affected: 0 , < V8.1 (custom)
Create a notification for this product.
Siemens SCALANCE S615 LAN-Router Affected: 0 , < V8.1 (custom)
Create a notification for this product.
siemens ruggedcom_rcm1224_firmware Affected: 6.2 , < v8.1 (custom)
    cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:6.2:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:6.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rcm1224_firmware",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v8.1",
                "status": "affected",
                "version": "6.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T15:59:08.645171Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T16:01:41.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) EU",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M804PB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M812-1 ADSL-Router family",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M816-1 ADSL-Router family",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M826-2 SHDSL-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M874-3 3G-Router (CN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-3 (ROK)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE M876-4 (NAM)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (A1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (B1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM853-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (A1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (B1)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (CN)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (EU)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE MUM856-1 (RoW)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 EEC LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE S615 LAN-Router",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions \u003c V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions \u003c V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions \u003c V8.1), SCALANCE M812-1 ADSL-Router family (All versions \u003c V8.1), SCALANCE M816-1 ADSL-Router family (All versions \u003c V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions \u003c V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions \u003c V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions \u003c V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions \u003c V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions \u003c V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions \u003c V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions \u003c V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions \u003c V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions \u003c V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions \u003c V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions \u003c V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions \u003c V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions \u003c V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions \u003c V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions \u003c V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions \u003c V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions \u003c V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions \u003c V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions \u003c V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T07:54:37.591Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-41977",
    "datePublished": "2024-08-13T07:54:37.591Z",
    "dateReserved": "2024-07-25T11:00:11.939Z",
    "dateUpdated": "2024-08-13T16:01:41.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38367 (GCVE-0-2024-38367)

Vulnerability from cvelistv5 – Published: 2024-07-01 20:48 – Updated: 2024-08-19 14:50
VLAI
Title
CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking
Summary
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of the CocoaPods trunk account. The threat actor could manipulate their pod specifications, disrupt the distribution of legitimate libraries, or cause widespread disruption within the CocoaPods ecosystem. This was patched server-side with commit d4fa66f49cedab449af9a56a21ab40697b9f7b97 in October 2023.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
Impacted products
Vendor Product Version
CocoaPods CocoaPods Affected: < d4fa66f49cedab449af9a56a21ab40697b9f7b97
Create a notification for this product.
cocoapods cocoapods Affected: 0 , < d4fa66f49cedab449af9a56a21ab40697b9f7b97 (git)
    cpe:2.3:a:cocoapods:cocoapods:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/CocoaPods/CocoaPods/security/advisories/GHSA-52gf-m7v9-m333",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/CocoaPods/CocoaPods/security/advisories/GHSA-52gf-m7v9-m333"
          },
          {
            "name": "https://github.com/CocoaPods/trunk.cocoapods.org/commit/d4fa66f49cedab449af9a56a21ab40697b9f7b97",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/CocoaPods/trunk.cocoapods.org/commit/d4fa66f49cedab449af9a56a21ab40697b9f7b97"
          },
          {
            "name": "https://blog.cocoapods.org/CocoaPods-Trunk-RCEs-2023",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.cocoapods.org/CocoaPods-Trunk-RCEs-2023"
          },
          {
            "name": "https://evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#vulnerability-3-achieving-zero-click-account-takeover-by-defeating-email-security-boundaries",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#vulnerability-3-achieving-zero-click-account-takeover-by-defeating-email-security-boundaries"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cocoapods:cocoapods:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cocoapods",
            "vendor": "cocoapods",
            "versions": [
              {
                "lessThan": "d4fa66f49cedab449af9a56a21ab40697b9f7b97",
                "status": "affected",
                "version": "0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38367",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T14:46:13.098215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T14:50:18.770Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CocoaPods",
          "vendor": "CocoaPods",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c d4fa66f49cedab449af9a56a21ab40697b9f7b97"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim\u2019s session will result in a full takeover of the CocoaPods trunk account. The threat actor could manipulate their pod specifications, disrupt the distribution of legitimate libraries, or cause widespread disruption within the CocoaPods ecosystem. This was patched server-side with commit d4fa66f49cedab449af9a56a21ab40697b9f7b97 in October 2023."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-02T17:00:40.830Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/CocoaPods/CocoaPods/security/advisories/GHSA-52gf-m7v9-m333",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/CocoaPods/CocoaPods/security/advisories/GHSA-52gf-m7v9-m333"
        },
        {
          "name": "https://github.com/CocoaPods/trunk.cocoapods.org/commit/d4fa66f49cedab449af9a56a21ab40697b9f7b97",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/CocoaPods/trunk.cocoapods.org/commit/d4fa66f49cedab449af9a56a21ab40697b9f7b97"
        },
        {
          "name": "https://blog.cocoapods.org/CocoaPods-Trunk-RCEs-2023",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.cocoapods.org/CocoaPods-Trunk-RCEs-2023"
        },
        {
          "name": "https://evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#vulnerability-3-achieving-zero-click-account-takeover-by-defeating-email-security-boundaries",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#vulnerability-3-achieving-zero-click-account-takeover-by-defeating-email-security-boundaries"
        }
      ],
      "source": {
        "advisory": "GHSA-52gf-m7v9-m333",
        "discovery": "UNKNOWN"
      },
      "title": "CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-38367",
    "datePublished": "2024-07-01T20:48:06.861Z",
    "dateReserved": "2024-06-14T14:16:16.466Z",
    "dateUpdated": "2024-08-19T14:50:18.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27935 (GCVE-0-2024-27935)

Vulnerability from cvelistv5 – Published: 2024-03-06 21:02 – Updated: 2024-08-02 20:12
VLAI
Title
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Summary
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
Impacted products
Vendor Product Version
denoland deno Affected: >= 1.35.1, < 1.36.3
Create a notification for this product.
denoland deno Affected: 1.35.1 , ≤ 1.36.3 (custom)
    cpe:2.3:a:denoland:deno:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:55.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp"
          },
          {
            "name": "https://github.com/denoland/deno/issues/20188",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/denoland/deno/issues/20188"
          },
          {
            "name": "https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:denoland:deno:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deno",
            "vendor": "denoland",
            "versions": [
              {
                "lessThanOrEqual": "1.36.3",
                "status": "affected",
                "version": "1.35.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27935",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T20:04:17.278451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:12:42.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "deno",
          "vendor": "denoland",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.35.1, \u003c 1.36.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno\u0027s Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488: Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T21:02:14.359Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp"
        },
        {
          "name": "https://github.com/denoland/deno/issues/20188",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/denoland/deno/issues/20188"
        },
        {
          "name": "https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6"
        }
      ],
      "source": {
        "advisory": "GHSA-wrqv-pf6j-mqjp",
        "discovery": "UNKNOWN"
      },
      "title": "Deno\u0027s Node.js Compatibility Runtime has Cross-Session Data Contamination"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-27935",
    "datePublished": "2024-03-06T21:02:14.359Z",
    "dateReserved": "2024-02-28T15:14:14.216Z",
    "dateUpdated": "2024-08-02T20:12:42.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11094 (GCVE-0-2024-11094)

Vulnerability from cvelistv5 – Published: 2024-11-16 09:36 – Updated: 2026-04-08 17:26
VLAI
Title
404 Solution <= 2.35.17 - Missing Authentication to Sensitive Information Exposure
Summary
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters which may reveal sensitive information. On most sites this is unlikely to be the case.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-488 - Exposure of Data Element to Wrong Session
Assigner
Impacted products
Vendor Product Version
aaron13100 404 Solution Affected: 0 , ≤ 2.35.17 (semver)
Create a notification for this product.
aaron13100 404_solution Affected: 0 , ≤ 2.35.17 (custom)
    cpe:2.3:a:aaron13100:404_solution:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Max Boll
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:aaron13100:404_solution:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "404_solution",
            "vendor": "aaron13100",
            "versions": [
              {
                "lessThanOrEqual": "2.35.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T15:42:33.420109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T15:12:11.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "404 Solution",
          "vendor": "aaron13100",
          "versions": [
            {
              "lessThanOrEqual": "2.35.17",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Max Boll"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters which may reveal sensitive information. On most sites this is unlikely to be the case."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-488",
              "description": "CWE-488 Exposure of Data Element to Wrong Session",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:26:33.485Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d738be73-2573-4fb8-b6f0-768a08628265?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3188844%40404-solution%2Ftrunk\u0026old=3169186%40404-solution%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-15T20:57:53.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "404 Solution \u003c= 2.35.17 - Missing Authentication to Sensitive Information Exposure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-11094",
    "datePublished": "2024-11-16T09:36:36.429Z",
    "dateReserved": "2024-11-11T20:06:35.663Z",
    "dateUpdated": "2026-04-08T17:26:33.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Protect the application's sessions from information leakage. Make sure that a session's data is not used or visible by other sessions.

Mitigation
Testing

Use a static analysis tool to scan the code for information leakage vulnerabilities (e.g. Singleton Member Field).

Mitigation
Architecture and Design

In a multithreading environment, storing user data in Servlet member fields introduces a data access race condition. Do not use member fields to store information in the Servlet.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

CAPEC-60: Reusing Session IDs (aka Session Replay)

This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.