Common Weakness Enumeration

CWE-922

Allowed-with-Review

Insecure Storage of Sensitive Information

Abstraction: Class · Status: Incomplete

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

437 vulnerabilities reference this CWE, most recent first.

GHSA-PQ42-5FQR-W8CX

Vulnerability from github – Published: 2024-11-26 12:41 – Updated: 2024-11-26 12:41
VLAI
Details

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T11:22:09Z",
    "severity": "MODERATE"
  },
  "details": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
  "id": "GHSA-pq42-5fqr-w8cx",
  "modified": "2024-11-26T12:41:37Z",
  "published": "2024-11-26T12:41:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8899"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3193980/jeg-elementor-kit"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4efc9c47-321a-4635-943f-785ffc34d851?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PRW5-VH65-6497

Vulnerability from github – Published: 2022-09-13 00:00 – Updated: 2022-09-16 00:00
VLAI
Details

Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-12T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.",
  "id": "GHSA-prw5-vh65-6497",
  "modified": "2022-09-16T00:00:40Z",
  "published": "2022-09-13T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37835"
    },
    {
      "type": "WEB",
      "url": "https://almorabea.net/cves/torguard.html"
    },
    {
      "type": "WEB",
      "url": "https://torguard.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PVGW-2QH3-CJ63

Vulnerability from github – Published: 2024-02-21 09:31 – Updated: 2025-11-04 21:31
VLAI
Details

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T07:15:50Z",
    "severity": "MODERATE"
  },
  "details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.",
  "id": "GHSA-pvgw-2qh3-cj63",
  "modified": "2025-11-04T21:31:11Z",
  "published": "2024-02-21T09:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42878"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213982"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213984"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213988"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213982"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213984"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q2V2-27XW-WHH5

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.",
  "id": "GHSA-q2v2-27xw-whh5",
  "modified": "2022-05-24T17:41:51Z",
  "published": "2022-05-24T17:41:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27170"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#insecure-ipv6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q4HF-CJ39-2G9P

Vulnerability from github – Published: 2024-10-29 00:31 – Updated: 2026-04-02 21:32
VLAI
Details

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-28T22:15:02Z",
    "severity": "MODERATE"
  },
  "details": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.",
  "id": "GHSA-q4hf-cj39-2g9p",
  "modified": "2026-04-02T21:32:00Z",
  "published": "2024-10-29T00:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44216"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121564"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121568"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121570"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q63W-G4HG-GVCW

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00
VLAI
Details

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.",
  "id": "GHSA-q63w-g4hg-gvcw",
  "modified": "2022-09-27T00:00:20Z",
  "published": "2022-09-25T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41320"
    },
    {
      "type": "WEB",
      "url": "https://www.veritas.com/content/support/en_US/security/VTS21-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6JH-8FJM-G6WR

Vulnerability from github – Published: 2023-12-29 03:30 – Updated: 2024-10-29 21:30
VLAI
Details

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-29T03:15:10Z",
    "severity": "LOW"
  },
  "details": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak\n\n",
  "id": "GHSA-q6jh-8fjm-g6wr",
  "modified": "2024-10-29T21:30:44Z",
  "published": "2023-12-29T03:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23437"
    },
    {
      "type": "WEB",
      "url": "https://www.hihonor.com/global/security/cve-2023-23437"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6XQ-FWHH-M47H

Vulnerability from github – Published: 2023-05-08 21:31 – Updated: 2024-04-04 03:51
VLAI
Details

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23542"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-08T20:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data",
  "id": "GHSA-q6xq-fwhh-m47h",
  "modified": "2024-04-04T03:51:34Z",
  "published": "2023-05-08T21:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23542"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213670"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213675"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213677"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7MG-8RWJ-GMWQ

Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-11-08 15:31
VLAI
Details

An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48783"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-15T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.",
  "id": "GHSA-q7mg-8rwj-gmwq",
  "modified": "2024-11-08T15:31:11Z",
  "published": "2024-10-15T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48783"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/zty-1995/8495b81e8d257e8f6df102a32ec3c583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q929-CPV5-C2HF

Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30
VLAI
Details

Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.",
  "id": "GHSA-q929-cpv5-c2hf",
  "modified": "2023-02-10T03:30:20Z",
  "published": "2023-02-03T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36546"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Kitesky/KiteCMS/issues/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.