CWE-696
Allowed-with-ReviewIncorrect Behavior Order
Abstraction: Class · Status: Incomplete
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
70 vulnerabilities reference this CWE, most recent first.
GHSA-MVC8-6FFP-JRX5
Vulnerability from github – Published: 2023-12-09 03:30 – Updated: 2024-08-02 15:31A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus:quarkus-smallrye-graphql-client"
},
"ranges": [
{
"events": [
{
"introduced": "2.14.0"
},
{
"fixed": "3.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.quarkus:quarkus-smallrye-graphql-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.13.9.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-6394"
],
"database_specific": {
"cwe_ids": [
"CWE-551",
"CWE-696",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-12T00:50:32Z",
"nvd_published_at": "2023-12-09T02:15:06Z",
"severity": "HIGH"
},
"details": "A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.",
"id": "GHSA-mvc8-6ffp-jrx5",
"modified": "2024-08-02T15:31:16Z",
"published": "2023-12-09T03:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6394"
},
{
"type": "WEB",
"url": "https://github.com/quarkusio/quarkus/pull/36961"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7612"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7700"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6394"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252197"
},
{
"type": "PACKAGE",
"url": "https://github.com/quarkusio/quarkus"
},
{
"type": "WEB",
"url": "https://github.com/quarkusio/quarkus/releases/tag/2.13.9.Final"
},
{
"type": "WEB",
"url": "https://github.com/quarkusio/quarkus/releases/tag/3.5.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authorization bypass in Quarkus"
}
GHSA-P6J4-WVMC-VX2H
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 20:20Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T20:20:17Z",
"nvd_published_at": "2026-04-09T22:16:32Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation occurs.",
"id": "GHSA-p6j4-wvmc-vx2h",
"modified": "2026-04-10T20:20:17Z",
"published": "2026-04-10T00:30:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35637"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete",
"withdrawn": "2026-04-10T20:20:17Z"
}
GHSA-QXJV-288G-W43X
Vulnerability from github – Published: 2025-07-20 18:30 – Updated: 2025-11-03 21:34Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
{
"affected": [],
"aliases": [
"CVE-2025-48965"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-20T18:15:22Z",
"severity": "MODERATE"
},
"details": "Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.",
"id": "GHSA-qxjv-288g-w43x",
"modified": "2025-11-03T21:34:09Z",
"published": "2025-07-20T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48965"
},
{
"type": "WEB",
"url": "https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html"
},
{
"type": "WEB",
"url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RVCW-F68W-8H8H
Vulnerability from github – Published: 2021-04-19 15:00 – Updated: 2023-03-17 17:49Impact
AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block).
Patches
A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are >=3.11.4.
Users should upgrade to ^3.11.4.
Credits
Thanks to Morgan Brown of Microsoft for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jose-node-cjs-runtime"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29446"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208",
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-16T22:57:33Z",
"nvd_published_at": "2021-04-16T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\n[AES_CBC_HMAC_SHA2 Algorithm](https://tools.ietf.org/html/rfc7518#section-5.2) (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block).\n\n### Patches\n\nA patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `\u003e=3.11.4`.\n\nUsers should upgrade to `^3.11.4`.\n\n### Credits\nThanks to Morgan Brown of Microsoft for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.",
"id": "GHSA-rvcw-f68w-8h8h",
"modified": "2023-03-17T17:49:57Z",
"published": "2021-04-19T15:00:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/panva/jose/security/advisories/GHSA-rvcw-f68w-8h8h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29446"
},
{
"type": "PACKAGE",
"url": "https://github.com/panva/jose"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/jose-node-cjs-runtime"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime"
}
GHSA-V93F-5RX7-JM73
Vulnerability from github – Published: 2026-04-02 18:31 – Updated: 2026-04-02 18:31In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
{
"affected": [],
"aliases": [
"CVE-2026-35386"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-02T17:16:27Z",
"severity": "LOW"
},
"details": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.",
"id": "GHSA-v93f-5rx7-jm73",
"modified": "2026-04-02T18:31:38Z",
"published": "2026-04-02T18:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35386"
},
{
"type": "WEB",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=177513443901484\u0026w=2"
},
{
"type": "WEB",
"url": "https://www.openssh.org/releasenotes.html#10.3p1"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/04/02/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VP6V-8XW7-8J3V
Vulnerability from github – Published: 2024-08-14 15:31 – Updated: 2024-08-14 15:31Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2024-24853"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T14:15:21Z",
"severity": "HIGH"
},
"details": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-vp6v-8xw7-8j3v",
"modified": "2024-08-14T15:31:15Z",
"published": "2024-08-14T15:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24853"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VXVF-XVM3-P8J5
Vulnerability from github – Published: 2026-05-05 18:33 – Updated: 2026-05-08 22:19An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "horizon"
},
"ranges": [
{
"events": [
{
"introduced": "25.6"
},
{
"fixed": "25.7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43002"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T22:19:51Z",
"nvd_published_at": "2026-05-05T17:17:04Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.",
"id": "GHSA-vxvf-xvm3-p8j5",
"modified": "2026-05-08T22:19:51Z",
"published": "2026-05-05T18:33:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43002"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/horizon/+bug/2150331"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/horizon"
},
{
"type": "WEB",
"url": "https://security.openstack.org/ossa/OSSA-2026-009.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/05/05/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Horizon has Incorrect Behavior Order"
}
GHSA-WRVW-HG22-4M67
Vulnerability from github – Published: 2022-01-07 22:31 – Updated: 2023-01-24 15:45Summary
A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data.
Reporter: OSS-Fuzz
Affected versions: All versions of Java Protobufs (including Kotlin and JRuby) prior to the versions listed below. Protobuf "javalite" users (typically Android) are not affected.
Severity
CVE-2021-22569 High - CVSS Score: 7.5, An implementation weakness in how unknown fields are parsed in Java. A small (~800 KB) malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated GC pauses.
Proof of Concept
For reproduction details, please refer to the oss-fuzz issue that identifies the specific inputs that exercise this parsing weakness.
Remediation and Mitigation
Please update to the latest available versions of the following packages:
- protobuf-java (3.16.1, 3.18.2, 3.19.2)
- protobuf-kotlin (3.18.2, 3.19.2)
- google-protobuf [JRuby gem only] (3.19.2)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.google.protobuf:protobuf-java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.16.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "google-protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.19.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.google.protobuf:protobuf-java"
},
"ranges": [
{
"events": [
{
"introduced": "3.18.0"
},
{
"fixed": "3.18.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.google.protobuf:protobuf-java"
},
"ranges": [
{
"events": [
{
"introduced": "3.19.0"
},
{
"fixed": "3.19.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.google.protobuf:protobuf-kotlin"
},
"ranges": [
{
"events": [
{
"introduced": "3.18.0"
},
{
"fixed": "3.18.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.google.protobuf:protobuf-kotlin"
},
"ranges": [
{
"events": [
{
"introduced": "3.19.0"
},
{
"fixed": "3.19.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-22569"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-07T22:23:14Z",
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "HIGH"
},
"details": "## Summary\n\nA potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data.\n\nReporter: [OSS-Fuzz](https://github.com/google/oss-fuzz)\n\nAffected versions: All versions of Java Protobufs (including Kotlin and JRuby) prior to the versions listed below. Protobuf \"javalite\" users (typically Android) are not affected.\n\n## Severity\n\n[CVE-2021-22569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569) **High** - CVSS Score: 7.5, An implementation weakness in how unknown fields are parsed in Java. A small (~800 KB) malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated GC pauses.\n\n## Proof of Concept\n\nFor reproduction details, please refer to the oss-fuzz issue that identifies the specific inputs that exercise this parsing weakness.\n\n## Remediation and Mitigation\n\nPlease update to the latest available versions of the following packages:\n\n- protobuf-java (3.16.1, 3.18.2, 3.19.2) \n- protobuf-kotlin (3.18.2, 3.19.2)\n- google-protobuf [JRuby gem only] (3.19.2) \n",
"id": "GHSA-wrvw-hg22-4m67",
"modified": "2023-01-24T15:45:26Z",
"published": "2022-01-07T22:31:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
},
{
"type": "WEB",
"url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
},
{
"type": "PACKAGE",
"url": "https://github.com/protocolbuffers/protobuf"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "A potential Denial of Service issue in protobuf-java"
}
GHSA-X368-W88J-3C3R
Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2025-02-06 21:32An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.
When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.
{
"affected": [],
"aliases": [
"CVE-2024-30389"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T16:15:38Z",
"severity": "MODERATE"
},
"details": "An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device.\n\nWhen an output firewall filter is applied to an interface it doesn\u0027t recognize matching packets but permits any traffic.\nThis issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6.\nThis issue does not affect Junos OS releases earlier than 21.4R1.",
"id": "GHSA-x368-w88j-3c3r",
"modified": "2025-02-06T21:32:05Z",
"published": "2024-04-12T18:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30389"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"
},
{
"type": "WEB",
"url": "http://supportportal.juniper.net/JSA79185"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XQ6X-XXJ4-MWGQ
Vulnerability from github – Published: 2023-07-26 15:30 – Updated: 2024-04-04 06:22The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
{
"affected": [],
"aliases": [
"CVE-2023-33224"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-26T14:15:10Z",
"severity": "HIGH"
},
"details": "The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.",
"id": "GHSA-xq6x-xxj4-mwgq",
"modified": "2024-04-04T06:22:01Z",
"published": "2023-07-26T15:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33224"
},
{
"type": "WEB",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
},
{
"type": "WEB",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33224"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.