Common Weakness Enumeration

CWE-524

Allowed

Use of Cache Containing Sensitive Information

Abstraction: Base · Status: Incomplete

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

93 vulnerabilities reference this CWE, most recent first.

CVE-2021-24027 (GCVE-0-2021-24027)

Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
VLAI
Summary
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:17.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.whatsapp.com/security/advisories/2021/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WhatsApp Business for Android",
          "vendor": "Facebook",
          "versions": [
            {
              "status": "affected",
              "version": "v2.21.4.18"
            }
          ]
        },
        {
          "product": "WhatsApp for Android",
          "vendor": "Facebook",
          "versions": [
            {
              "lessThan": "v2.21.4.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2021-04-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "CWE-524",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-06T16:45:15.000Z",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.whatsapp.com/security/advisories/2021/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2021-04-06",
          "ID": "CVE-2021-24027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WhatsApp Business for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "v2.21.4.18"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WhatsApp for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "v2.21.4.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Facebook"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-524"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.whatsapp.com/security/advisories/2021/",
              "refsource": "CONFIRM",
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2021-24027",
    "datePublished": "2021-04-06T16:45:15.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:17.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14997 (GCVE-0-2019-14997)

Vulnerability from cvelistv5 – Published: 2019-09-11 13:56 – Updated: 2024-09-16 18:44
VLAI
Summary
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.
Severity
No CVSS data available.
CWE
  • CWE-524 - Information Exposure Through Caching (CWE-524)
Assigner
References
Impacted products
Vendor Product Version
Atlassian Jira Affected: unspecified , < 8.4.0 (custom)
Create a notification for this product.
Date Public
2019-09-10 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-69794"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.4.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-09-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "Information Exposure Through Caching (CWE-524)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-11T13:56:26.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-69794"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-09-10T00:00:00",
          "ID": "CVE-2019-14997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Exposure Through Caching (CWE-524)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-69794",
              "refsource": "CONFIRM",
              "url": "https://jira.atlassian.com/browse/JRASERVER-69794"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-14997",
    "datePublished": "2019-09-11T13:56:26.203Z",
    "dateReserved": "2019-08-13T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:44:06.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-11244 (GCVE-0-2019-11244)

Vulnerability from cvelistv5 – Published: 2019-04-22 14:54 – Updated: 2024-08-04 22:48
VLAI
Title
kubectl creates world-writeable cached schema files
Summary
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
CWE
  • CWE-524 - Information Exposure Through Caching
Assigner
References
Impacted products
Vendor Product Version
Kubernetes Kubernetes Affected: v1.8.0 , < v1.8* (custom)
Affected: v1.9.0 , < v1.9* (custom)
Affected: v1.10.0 , < v1.10* (custom)
Affected: v1.11.0 , < v1.11* (custom)
Affected: v1.12.0 , < v1.12* (custom)
Affected: v1.13.0 , < v1.13* (custom)
Affected: v1.14.0 , < v1.14* (custom)
Create a notification for this product.
Credits
Jordan Zebor of F5 Networks
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/76676"
          },
          {
            "name": "108064",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108064"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
          },
          {
            "name": "RHSA-2019:3942",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3942"
          },
          {
            "name": "RHSA-2020:0020",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0020"
          },
          {
            "name": "RHSA-2020:0074",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes",
          "vendor": "Kubernetes",
          "versions": [
            {
              "lessThan": "v1.8*",
              "status": "affected",
              "version": "v1.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.9*",
              "status": "affected",
              "version": "v1.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.10*",
              "status": "affected",
              "version": "v1.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.11*",
              "status": "affected",
              "version": "v1.11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.12*",
              "status": "affected",
              "version": "v1.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.13*",
              "status": "affected",
              "version": "v1.13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.14*",
              "status": "affected",
              "version": "v1.14.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jordan Zebor of F5 Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "CWE-524 Information Exposure Through Caching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T19:06:10.000Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kubernetes/kubernetes/issues/76676"
        },
        {
          "name": "108064",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108064"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
        },
        {
          "name": "RHSA-2019:3942",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3942"
        },
        {
          "name": "RHSA-2020:0020",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0020"
        },
        {
          "name": "RHSA-2020:0074",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0074"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "kubectl creates world-writeable cached schema files",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use the default --http-cache location in the $HOME directory or point it at a directory that is only accessible to desired users/groups."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "ID": "CVE-2019-11244",
          "STATE": "PUBLIC",
          "TITLE": "kubectl creates world-writeable cached schema files"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.8",
                            "version_value": "v1.8.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.9",
                            "version_value": "v1.9.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.10",
                            "version_value": "v1.10.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.11",
                            "version_value": "v1.11.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.12",
                            "version_value": "v1.12.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.13",
                            "version_value": "v1.13.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "v1.14",
                            "version_value": "v1.14.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Jordan Zebor of F5 Networks"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-524 Information Exposure Through Caching"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kubernetes/kubernetes/issues/76676",
              "refsource": "MISC",
              "url": "https://github.com/kubernetes/kubernetes/issues/76676"
            },
            {
              "name": "108064",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108064"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190509-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
            },
            {
              "name": "RHSA-2019:3942",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3942"
            },
            {
              "name": "RHSA-2020:0020",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0020"
            },
            {
              "name": "RHSA-2020:0074",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0074"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Use the default --http-cache location in the $HOME directory or point it at a directory that is only accessible to desired users/groups."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2019-11244",
    "datePublished": "2019-04-22T14:54:15.000Z",
    "dateReserved": "2019-04-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:48:09.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9495 (GCVE-0-2019-9495)

Vulnerability from cvelistv5 – Published: 2019-04-17 13:31 – Updated: 2024-08-04 21:54
VLAI
Title
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
Summary
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Severity
No CVSS data available.
CWE
  • CWE-524 - Information Exposure Through Caching
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:44.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://w1.fi/security/2019-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
          },
          {
            "name": "FEDORA-2019-d03bae77f5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
          },
          {
            "name": "FEDORA-2019-f409af9fbe",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
          },
          {
            "name": "FEDORA-2019-eba1109acd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
          },
          {
            "name": "FreeBSD-SA-19:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
          },
          {
            "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/40"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
          },
          {
            "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hostapd with EAP-pwd support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "wpa_supplicant with EAP-pwd support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "CWE-524 Information Exposure Through Caching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-16T00:06:10.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://w1.fi/security/2019-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
        },
        {
          "name": "FEDORA-2019-d03bae77f5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
        },
        {
          "name": "FEDORA-2019-f409af9fbe",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
        },
        {
          "name": "FEDORA-2019-eba1109acd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
        },
        {
          "name": "FreeBSD-SA-19:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
        },
        {
          "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/40"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
        },
        {
          "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
        },
        {
          "name": "openSUSE-SU-2020:0222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Dragonblood",
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9495",
          "STATE": "PUBLIC",
          "TITLE": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hostapd with EAP-pwd support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "wpa_supplicant with EAP-pwd support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wi-Fi Alliance"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-524 Information Exposure Through Caching"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://w1.fi/security/2019-2/",
              "refsource": "CONFIRM",
              "url": "https://w1.fi/security/2019-2/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
            },
            {
              "name": "FEDORA-2019-d03bae77f5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
            },
            {
              "name": "FEDORA-2019-f409af9fbe",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
            },
            {
              "name": "FEDORA-2019-eba1109acd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
            },
            {
              "name": "FreeBSD-SA-19:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
            },
            {
              "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/40"
            },
            {
              "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
            },
            {
              "name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2019-9495",
    "datePublished": "2019-04-17T13:31:08.000Z",
    "dateReserved": "2019-03-01T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:54:44.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9494 (GCVE-0-2019-9494)

Vulnerability from cvelistv5 – Published: 2019-04-17 13:31 – Updated: 2024-08-04 21:54
VLAI
Title
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
Summary
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Severity
No CVSS data available.
CWE
  • CWE-208 - Information Exposure Through Timing Discrepancy
  • CWE-524 - Information Exposure Through Caching
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:44.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://w1.fi/security/2019-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
          },
          {
            "name": "FEDORA-2019-d03bae77f5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
          },
          {
            "name": "FEDORA-2019-f409af9fbe",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
          },
          {
            "name": "FEDORA-2019-eba1109acd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
          },
          {
            "name": "FreeBSD-SA-19:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
          },
          {
            "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/40"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
          },
          {
            "name": "openSUSE-SU-2020:0222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hostapd with SAE support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "wpa_supplicant with SAE support",
          "vendor": "Wi-Fi Alliance",
          "versions": [
            {
              "lessThanOrEqual": "2.7",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Information Exposure Through Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "CWE-524 Information Exposure Through Caching",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-16T00:06:09.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://w1.fi/security/2019-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
        },
        {
          "name": "FEDORA-2019-d03bae77f5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
        },
        {
          "name": "FEDORA-2019-f409af9fbe",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
        },
        {
          "name": "FEDORA-2019-eba1109acd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
        },
        {
          "name": "FreeBSD-SA-19:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
        },
        {
          "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/40"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
        },
        {
          "name": "openSUSE-SU-2020:0222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Dragonblood",
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9494",
          "STATE": "PUBLIC",
          "TITLE": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hostapd with SAE support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "wpa_supplicant with SAE support",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.7",
                            "version_value": "2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Wi-Fi Alliance"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-208 Information Exposure Through Timing Discrepancy"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-524 Information Exposure Through Caching"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://w1.fi/security/2019-1/",
              "refsource": "CONFIRM",
              "url": "https://w1.fi/security/2019-1/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
            },
            {
              "name": "FEDORA-2019-d03bae77f5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
            },
            {
              "name": "FEDORA-2019-f409af9fbe",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
            },
            {
              "name": "FEDORA-2019-eba1109acd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
            },
            {
              "name": "FreeBSD-SA-19:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
            },
            {
              "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/40"
            },
            {
              "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
            },
            {
              "name": "openSUSE-SU-2020:0222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2019-9494",
    "datePublished": "2019-04-17T13:31:08.000Z",
    "dateReserved": "2019-03-01T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:54:44.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2575-PGHM-6QQX

Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2023-09-18 20:18
VLAI
Summary
Kubernetes Unsafe Cacheing
Details

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/client-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.12.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-11244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-524",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-07T17:22:21Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by `--cache-dir` (defaulting to `$HOME/.kube/http-cache`), written with world-writeable permissions (`rw-rw-rw-`). If `--cache-dir` is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. ",
  "id": "GHSA-2575-pghm-6qqx",
  "modified": "2023-09-18T20:18:54Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11244"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/76676"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/pull/77874"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/pull/77874/commits/f228ae3364729caed59087e23c42868454bc3ff4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/client-go/commit/790a4f63632139cf6731014d00a9a8338f1fbd7d"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3942"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0020"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0074"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190509-0002"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108064"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Kubernetes Unsafe Cacheing "
}

GHSA-35HP-HQMV-8QG8

Vulnerability from github – Published: 2026-04-28 22:28 – Updated: 2026-05-08 13:42
VLAI
Summary
Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters
Details

Summary

Fiber cache middleware's default key generator uses only c.Path() and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response.

This can cause response mix-up (cache poisoning-like behavior) for endpoints where response content depends on query parameters.

Details

Default configuration in cache middleware:

  • KeyGenerator: func(c fiber.Ctx) string { return utils.CopyString(c.Path()) }

References: - https://github.com/gofiber/fiber/blob/main/middleware/cache/config.go#L90-L92 - https://github.com/gofiber/fiber/blob/main/middleware/cache/cache_test.go#L599-L621

The existing test demonstrates that when handler output depends on query parameter id, a second request with a different query still returns the first cached response (cache hit), confirming query is not part of the default cache key.

PoC

Minimal PoC:

package main

import (
    "log"

    "github.com/gofiber/fiber/v3"
    "github.com/gofiber/fiber/v3/middleware/cache"
)

func main() {
    app := fiber.New()
    app.Use(cache.New()) // default config

    app.Get("/", func(c fiber.Ctx) error {
        return c.SendString(c.Query("id", "1"))
    })

    log.Fatal(app.Listen(":3000"))
}

Reproduction:

  1. GET /?id=1
  2. Cache miss
  3. Response body: 1
  4. GET /?id=2
  5. Cache hit
  6. Response body: 1 (expected 2)

Local verification command used:

go test ./middleware/cache -run Test_Cache_WithNoCacheRequestDirective -count=1

Observed result: test passes, confirming this is current behavior.

Impact

  • Responses that should vary by query parameters can be mixed between requests.
  • In real deployments, this may leak or corrupt user/tenant-specific content if query parameters influence context or data selection.
  • This is deployment-dependent but security-relevant, and not safe-by-default for query-variant responses.

Suggested remediation

  • Change default cache key generation to include path + normalized query string (or canonicalized original URL).
  • Keep ability for custom key generators.
  • Add explicit documentation warning that path-only keying is unsafe for query-dependent responses.
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gofiber/fiber/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-30246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-436",
      "CWE-524"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-28T22:28:14Z",
    "nvd_published_at": "2026-05-05T13:16:28Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nFiber cache middleware\u0027s default key generator uses only `c.Path()` and does not include the query string.\nAs a result, requests like `/?id=1` and `/?id=2` can map to the same cache key and share the same cached response.\n\nThis can cause response mix-up (cache poisoning-like behavior) for endpoints where response content depends on query parameters.\n\n### Details\nDefault configuration in cache middleware:\n\n- `KeyGenerator: func(c fiber.Ctx) string { return utils.CopyString(c.Path()) }`\n\nReferences:\n- https://github.com/gofiber/fiber/blob/main/middleware/cache/config.go#L90-L92\n- https://github.com/gofiber/fiber/blob/main/middleware/cache/cache_test.go#L599-L621\n\nThe existing test demonstrates that when handler output depends on query parameter `id`, a second request with a different query still returns the first cached response (cache hit), confirming query is not part of the default cache key.\n\n### PoC\nMinimal PoC:\n\n```go\npackage main\n\nimport (\n    \"log\"\n\n    \"github.com/gofiber/fiber/v3\"\n    \"github.com/gofiber/fiber/v3/middleware/cache\"\n)\n\nfunc main() {\n    app := fiber.New()\n    app.Use(cache.New()) // default config\n\n    app.Get(\"/\", func(c fiber.Ctx) error {\n        return c.SendString(c.Query(\"id\", \"1\"))\n    })\n\n    log.Fatal(app.Listen(\":3000\"))\n}\n```\n\nReproduction:\n\n1. `GET /?id=1`\n   - Cache miss\n   - Response body: `1`\n2. `GET /?id=2`\n   - Cache hit\n   - Response body: `1` (expected `2`)\n\nLocal verification command used:\n\n```bash\ngo test ./middleware/cache -run Test_Cache_WithNoCacheRequestDirective -count=1\n```\n\nObserved result: test passes, confirming this is current behavior.\n\n### Impact\n- Responses that should vary by query parameters can be mixed between requests.\n- In real deployments, this may leak or corrupt user/tenant-specific content if query parameters influence context or data selection.\n- This is deployment-dependent but security-relevant, and not safe-by-default for query-variant responses.\n\n### Suggested remediation\n- Change default cache key generation to include path + normalized query string (or canonicalized original URL).\n- Keep ability for custom key generators.\n- Add explicit documentation warning that path-only keying is unsafe for query-dependent responses.",
  "id": "GHSA-35hp-hqmv-8qg8",
  "modified": "2026-05-08T13:42:45Z",
  "published": "2026-04-28T22:28:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gofiber/fiber/security/advisories/GHSA-35hp-hqmv-8qg8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gofiber/fiber/commit/050ff1ff18511c1475b8ec627460216aaecddd4e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gofiber/fiber/commit/9a0d12c07ed895b84c72987f9288b04137afe5de"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gofiber/fiber"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gofiber/fiber/blob/main/middleware/cache/cache_test.go#L599-L621"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gofiber/fiber/blob/main/middleware/cache/config.go#L90-L92"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fiber\u0027s cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters"
}

GHSA-3H9F-R86X-QVJX

Vulnerability from github – Published: 2026-07-07 15:32 – Updated: 2026-07-07 15:32
VLAI
Details

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cache_page() decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Chris Whyland for reporting this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-524"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-07T15:16:47Z",
    "severity": "LOW"
  },
  "details": "An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.\n`UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Chris Whyland for reporting this issue.",
  "id": "GHSA-3h9f-r86x-qvjx",
  "modified": "2026-07-07T15:32:57Z",
  "published": "2026-07-07T15:32:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48588"
    },
    {
      "type": "WEB",
      "url": "https://docs.djangoproject.com/en/dev/releases/security"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/django-announce"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2026/jul/07/security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3M6R-3GW2-H96X

Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31
VLAI
Details

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-524",
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T16:17:13Z",
    "severity": "MODERATE"
  },
  "details": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.",
  "id": "GHSA-3m6r-3gw2-h96x",
  "modified": "2024-05-14T18:31:01Z",
  "published": "2024-05-14T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33004"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3449093"
    },
    {
      "type": "WEB",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-545H-7G69-QC2H

Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30
VLAI
Details

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-524"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T16:18:17Z",
    "severity": "MODERATE"
  },
  "details": "Android App \"Brother iPrint\u0026Scan\" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.",
  "id": "GHSA-545h-7g69-qc2h",
  "modified": "2025-12-09T18:30:40Z",
  "published": "2025-12-09T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64696"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU99973778"
    },
    {
      "type": "WEB",
      "url": "https://support.brother.com/g/s/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design

Protect information stored in cache.

Mitigation
Architecture and Design

Do not store unnecessarily sensitive information in the cache.

Mitigation
Architecture and Design

Consider using encryption in the cache.

CAPEC-204: Lifting Sensitive Data Embedded in Cache

An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.