Common Weakness Enumeration

CWE-523

Allowed

Unprotected Transport of Credentials

Abstraction: Base · Status: Incomplete

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

40 vulnerabilities reference this CWE, most recent first.

GHSA-9WMF-XF3H-R8PR

Vulnerability from github – Published: 2024-04-25 18:30 – Updated: 2025-10-24 19:33
VLAI
Summary
Jberet: jberet-core logging database credentials
Details

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jberet:jberet-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-523",
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T19:57:35Z",
    "nvd_published_at": "2024-04-25T17:15:47Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in jberet-core logging. An exception in \u0027dbProperties\u0027 might display user credentials such as the username and password for the database-connection.",
  "id": "GHSA-9wmf-xf3h-r8pr",
  "modified": "2025-10-24T19:33:18Z",
  "published": "2024-04-25T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1102"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jberet/jsr352/issues/452"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jberet/jsr352/commit/eeef999663d7da0e372aeeeac26ecf7201a3121d"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1677"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3580"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3581"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:3583"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-1102"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262060"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jberet/jsr352"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jberet: jberet-core logging database credentials"
}

GHSA-C625-6F4R-X698

Vulnerability from github – Published: 2024-07-30 15:31 – Updated: 2024-07-30 15:31
VLAI
Details

Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T15:15:13Z",
    "severity": "HIGH"
  },
  "details": "Unprotected Transport of Credentials vulnerability in OpenText\u2122 Documentum\u2122 Server could allow Credential Stuffing.This issue affects Documentum\u2122 Server: from 16.7 through 23.4.",
  "id": "GHSA-c625-6f4r-x698",
  "modified": "2024-07-30T15:31:29Z",
  "published": "2024-07-30T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4188"
    },
    {
      "type": "WEB",
      "url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0815868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:A/V:C/RE:H/U:Red",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FC5M-2QWJ-QJH3

Vulnerability from github – Published: 2023-06-05 00:30 – Updated: 2024-04-04 04:31
VLAI
Details

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-05T00:15:09Z",
    "severity": "HIGH"
  },
  "details": "IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.  IBM X-Force ID:  244107.",
  "id": "GHSA-fc5m-2qwj-qjh3",
  "modified": "2024-04-04T04:31:30Z",
  "published": "2023-06-05T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22862"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244107"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7001053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J57W-G5V3-32QM

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-10-25 19:00
VLAI
Details

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-522",
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-12T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.",
  "id": "GHSA-j57w-g5v3-32qm",
  "modified": "2022-10-25T19:00:33Z",
  "published": "2022-05-24T19:17:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38460"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6JW-HG33-X575

Vulnerability from github – Published: 2025-03-01 00:31 – Updated: 2026-01-29 03:31
VLAI
Details

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-28T22:15:38Z",
    "severity": "HIGH"
  },
  "details": "Brocade ASCG before 3.2.0 Web Interface  is not \nenforcing HSTS, as defined by RFC 6797. HSTS is an optional response \nheader that can be configured on the server to instruct the browser to \nonly communicate via HTTPS. The lack of HSTS allows downgrade attacks, \nSSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking \nprotections.",
  "id": "GHSA-j6jw-hg33-x575",
  "modified": "2026-01-29T03:31:24Z",
  "published": "2025-03-01T00:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1509"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-PM8C-WH6Q-XFWQ

Vulnerability from github – Published: 2023-07-07 00:30 – Updated: 2024-04-04 05:50
VLAI
Details

PiiGAB M-Bus transmits credentials in plaintext format.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-06T23:15:09Z",
    "severity": "HIGH"
  },
  "details": "\n\n\n\n\nPiiGAB M-Bus transmits credentials in plaintext format.\n\n\n\n\n\n",
  "id": "GHSA-pm8c-wh6q-xfwq",
  "modified": "2024-04-04T05:50:08Z",
  "published": "2023-07-07T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31277"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q837-53GV-8R7R

Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01
VLAI
Details

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T08:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.",
  "id": "GHSA-q837-53gv-8r7r",
  "modified": "2022-06-25T00:01:01Z",
  "published": "2022-06-25T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31805"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V88W-JGRG-7946

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks.

This issue affects Avantra: before 25.3.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8673"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-22T14:16:30Z",
    "severity": "MODERATE"
  },
  "details": "Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks.\n\nThis issue affects Avantra: before 25.3.0.",
  "id": "GHSA-v88w-jgrg-7946",
  "modified": "2026-05-26T13:30:17Z",
  "published": "2026-05-26T13:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8673"
    },
    {
      "type": "WEB",
      "url": "https://support.avantra.com/hc/en-us/articles/5535621927071"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRJC-Q2FH-6X9H

Vulnerability from github – Published: 2026-01-05 22:55 – Updated: 2026-01-06 15:51
VLAI
Summary
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Details

Impact

The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints. Further, depending upon the artifact configuration, auth data may be exposed to arbitrary endpoints (e.g. GitHub auth headers) leading to credentials exposure.

To trigger this, a Spinnaker installation MUST have: * An artifact enabled that allows user input. This includes GitHub file artifacts, BitBucket, GitLab, HTTP artifacts and similar artifact providers. JUST enabling the http artifact provider will add a "no-auth" http provider that could be used to extract link local data (e.g. AWS Metadata information). * A system that can consume the output of these artifacts. E.g. Rosco helm can use this to fetch values data. K8s account manifests if the API returns JSON can be used to inject that data into the pipeline itself though the pipeline would fail.

To note, due to the way the URLs are viable to be injected, CERTAIN systems can be used to provide DOS attacks on Spinnaker itself. These would NOT compromise the system per se, given restarts and timeout configuration, but could lead to internal attacks by a Spinnaker user against Spinnaker services. An example is that an artifact fetch reference could return an infinite response data feed or similar that can act as a DOS attack. It's recommended to set strong limits on the various http limits AND artifact URLs to known valid URLs.

Patches

Fixed in clouddriver versiosn 2025.2.3, 2025.1.5, 2025.0.9. Impacts all prior Spinnaker releases.

Workarounds

Disable HTTP account types that allow user input of a given URL. This is probably not feasible in MOST cases. Git, Docker and other artifact account types with explicit URL configurations bypass this limitation and should be safe as they limit artifact URL loading.

Alternatively using one of the various vendors which provide OPA policies to restrict pipelines from accessing or saving a pipeline with invalid URLs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.spinnaker.clouddriver:clouddriver-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2025.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.spinnaker.clouddriver:clouddriver-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2025.2.0"
            },
            {
              "fixed": "2025.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61916"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-523",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-05T22:55:12Z",
    "nvd_published_at": "2026-01-05T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe primary impact is allowing users to fetch data from a remote URL.  This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data.  This ALSO includes calling INTERNAL Spinnaker API\u0027s via a get and similar endpoints.  Further, depending upon the artifact configuration, auth data may be exposed to arbitrary endpoints (e.g. GitHub auth headers) leading to credentials exposure.   \n\nTo trigger this, a Spinnaker installation MUST have:\n* An artifact enabled that allows user input.  This includes GitHub file artifacts, BitBucket, GitLab, HTTP artifacts and similar artifact providers.  JUST enabling the http artifact provider will add a \"no-auth\" http provider that could be used to extract link local data (e.g. AWS Metadata information).\n* A system that can consume the output of these artifacts.  E.g. Rosco helm can use this to fetch values data.  K8s account manifests if the API returns JSON can be used to inject that data into the pipeline itself though the pipeline would fail.\n\nTo note, due to the way the URLs are viable to be injected, CERTAIN systems can be used to provide DOS attacks on Spinnaker itself.  These would NOT compromise the system per se, given restarts and timeout configuration, but could lead to internal attacks by a Spinnaker user against Spinnaker services.  An example is that an artifact fetch reference could return an infinite response data feed or similar that can act as a DOS attack.  It\u0027s recommended to set strong limits on the various http limits AND artifact URLs to known valid URLs. \n\n### Patches\nFixed in clouddriver versiosn 2025.2.3, 2025.1.5, 2025.0.9.  Impacts all prior Spinnaker releases.\n\n### Workarounds\nDisable HTTP account types that allow user input of a given URL.  This is probably not feasible in MOST cases.  Git, Docker and other artifact account types with explicit URL configurations bypass this limitation and should be safe as they limit artifact URL loading.\n\nAlternatively using one of the various vendors which provide OPA policies to restrict pipelines from accessing or saving a pipeline with invalid URLs.",
  "id": "GHSA-vrjc-q2fh-6x9h",
  "modified": "2026-01-06T15:51:46Z",
  "published": "2026-01-05T22:55:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-vrjc-q2fh-6x9h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61916"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spinnaker/spinnaker"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spinnaker vulnerable to SSRF due to improper restrictions on http from user input"
}

GHSA-WJ9F-8875-4RPW

Vulnerability from github – Published: 2025-11-15 00:30 – Updated: 2025-11-15 00:30
VLAI
Details

The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-15T00:15:47Z",
    "severity": "HIGH"
  },
  "details": "The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.",
  "id": "GHSA-wj9f-8875-4rpw",
  "modified": "2025-11-15T00:30:26Z",
  "published": "2025-11-15T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64308"
    },
    {
      "type": "WEB",
      "url": "https://brightpick.ai/contact-us"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Operation System Configuration

Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier.

CAPEC-102: Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.