CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
CVE-2021-29445 (GCVE-0-2021-29445)
Vulnerability from cvelistv5 – Published: 2021-04-16 21:50 – Updated: 2024-08-03 22:02
VLAI
Title
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Summary
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.
Severity
5.9 (Medium)
CWE
- CWE-203 - {"CWE-203":"Observable Discrepancy"}
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/panva/jose/security/advisories… | x_refsource_CONFIRM |
| https://www.npmjs.com/package/jose-node-esm-runtime | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| panva | jose-node-esm-runtime |
Affected:
< 3.11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/panva/jose/security/advisories/GHSA-4v4g-726h-xvfv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/jose-node-esm-runtime"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jose-node-esm-runtime",
"vendor": "panva",
"versions": [
{
"status": "affected",
"version": "\u003c 3.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `\u003e=3.11.4`. Users should upgrade to `^3.11.4`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "{\"CWE-203\":\"Observable Discrepancy\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-16T21:50:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/panva/jose/security/advisories/GHSA-4v4g-726h-xvfv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/jose-node-esm-runtime"
}
],
"source": {
"advisory": "GHSA-4v4g-726h-xvfv",
"discovery": "UNKNOWN"
},
"title": "Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29445",
"STATE": "PUBLIC",
"TITLE": "Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jose-node-esm-runtime",
"version": {
"version_data": [
{
"version_value": "\u003c 3.11.4"
}
]
}
}
]
},
"vendor_name": "panva"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `\u003e=3.11.4`. Users should upgrade to `^3.11.4`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-203\":\"Observable Discrepancy\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/panva/jose/security/advisories/GHSA-4v4g-726h-xvfv",
"refsource": "CONFIRM",
"url": "https://github.com/panva/jose/security/advisories/GHSA-4v4g-726h-xvfv"
},
{
"name": "https://www.npmjs.com/package/jose-node-esm-runtime",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/jose-node-esm-runtime"
}
]
},
"source": {
"advisory": "GHSA-4v4g-726h-xvfv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29445",
"datePublished": "2021-04-16T21:50:13.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29446 (GCVE-0-2021-29446)
Vulnerability from cvelistv5 – Published: 2021-04-16 22:00 – Updated: 2024-08-03 22:02
VLAI
Title
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Summary
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.
Severity
5.9 (Medium)
CWE
- CWE-203 - {"CWE-203":"Observable Discrepancy"}
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/panva/jose/security/advisories… | x_refsource_CONFIRM |
| https://www.npmjs.com/package/jose-node-cjs-runtime | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| panva | jose-node-cjs-runtime |
Affected:
< 3.11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/panva/jose/security/advisories/GHSA-rvcw-f68w-8h8h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/jose-node-cjs-runtime"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jose-node-cjs-runtime",
"vendor": "panva",
"versions": [
{
"status": "affected",
"version": "\u003c 3.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `\u003e=3.11.4`. Users should upgrade to `^3.11.4`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "{\"CWE-203\":\"Observable Discrepancy\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-16T22:00:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/panva/jose/security/advisories/GHSA-rvcw-f68w-8h8h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/jose-node-cjs-runtime"
}
],
"source": {
"advisory": "GHSA-rvcw-f68w-8h8h",
"discovery": "UNKNOWN"
},
"title": "Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29446",
"STATE": "PUBLIC",
"TITLE": "Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jose-node-cjs-runtime",
"version": {
"version_data": [
{
"version_value": "\u003c 3.11.4"
}
]
}
}
]
},
"vendor_name": "panva"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `\u003e=3.11.4`. Users should upgrade to `^3.11.4`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-203\":\"Observable Discrepancy\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/panva/jose/security/advisories/GHSA-rvcw-f68w-8h8h",
"refsource": "CONFIRM",
"url": "https://github.com/panva/jose/security/advisories/GHSA-rvcw-f68w-8h8h"
},
{
"name": "https://www.npmjs.com/package/jose-node-cjs-runtime",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/jose-node-cjs-runtime"
}
]
},
"source": {
"advisory": "GHSA-rvcw-f68w-8h8h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29446",
"datePublished": "2021-04-16T22:00:15.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29621 (GCVE-0-2021-29621)
Vulnerability from cvelistv5 – Published: 2021-06-07 19:00 – Updated: 2024-08-03 22:11
VLAI
Title
Observable Response Discrepancy in Flask-AppBuilder
Summary
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
Severity
5.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/dpgaspar/Flask-AppBuilder/secu… | x_refsource_CONFIRM |
| https://github.com/dpgaspar/Flask-AppBuilder/comm… | x_refsource_MISC |
| https://pypi.org/project/Flask-AppBuilder/ | x_refsource_MISC |
| https://lists.apache.org/thread.html/r5b754118ba4… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r466759f3776… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r91067f95390… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dpgaspar | Flask-AppBuilder |
Affected:
< 3.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pypi.org/project/Flask-AppBuilder/"
},
{
"name": "[announce] 20210618 Apache Airflow CVE: CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder \u003c= 3.2.3.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E"
},
{
"name": "[announce] 20210623 Success at Apache: Security in Practice",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E"
},
{
"name": "[airflow-commits] 20210712 [GitHub] [airflow] ashb commented on pull request #16942: Relax version constraint on ``Flask-Appbuilder``",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Flask-AppBuilder",
"vendor": "dpgaspar",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder \u003c= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T21:06:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pypi.org/project/Flask-AppBuilder/"
},
{
"name": "[announce] 20210618 Apache Airflow CVE: CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder \u003c= 3.2.3.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E"
},
{
"name": "[announce] 20210623 Success at Apache: Security in Practice",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E"
},
{
"name": "[airflow-commits] 20210712 [GitHub] [airflow] ashb commented on pull request #16942: Relax version constraint on ``Flask-Appbuilder``",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E"
}
],
"source": {
"advisory": "GHSA-434h-p4gx-jm89",
"discovery": "UNKNOWN"
},
"title": "Observable Response Discrepancy in Flask-AppBuilder",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29621",
"STATE": "PUBLIC",
"TITLE": "Observable Response Discrepancy in Flask-AppBuilder"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Flask-AppBuilder",
"version": {
"version_data": [
{
"version_value": "\u003c 3.3.0"
}
]
}
}
]
},
"vendor_name": "dpgaspar"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder \u003c= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89",
"refsource": "CONFIRM",
"url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89"
},
{
"name": "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580",
"refsource": "MISC",
"url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580"
},
{
"name": "https://pypi.org/project/Flask-AppBuilder/",
"refsource": "MISC",
"url": "https://pypi.org/project/Flask-AppBuilder/"
},
{
"name": "[announce] 20210618 Apache Airflow CVE: CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder \u003c= 3.2.3.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5@%3Cannounce.apache.org%3E"
},
{
"name": "[announce] 20210623 Success at Apache: Security in Practice",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E"
},
{
"name": "[airflow-commits] 20210712 [GitHub] [airflow] ashb commented on pull request #16942: Relax version constraint on ``Flask-Appbuilder``",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0@%3Ccommits.airflow.apache.org%3E"
}
]
},
"source": {
"advisory": "GHSA-434h-p4gx-jm89",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29621",
"datePublished": "2021-06-07T19:00:12.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:06.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33845 (GCVE-0-2021-33845)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:35 – Updated: 2024-08-04 00:05
VLAI
Title
Username enumeration through lockout message in REST API
Summary
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
Severity
5.3 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.splunk.com/en_us/product-security/ann… | x_refsource_MISC |
| https://research.splunk.com/application/splunk_us… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
Version(s) before 8.1.7
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:51.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kyle Bambrick"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:35:58.000Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
],
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
},
"title": "Username enumeration through lockout message in REST API",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-33845",
"STATE": "PUBLIC",
"TITLE": "Username enumeration through lockout message in REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.7"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kyle Bambrick"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"name": "https://research.splunk.com/application/splunk_user_enumeration_attempt/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
]
},
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-33845",
"datePublished": "2022-05-06T16:35:58.000Z",
"dateReserved": "2021-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:05:51.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34575 (GCVE-0-2021-34575)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 22:46
VLAI
Title
Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
Severity
7.5 (High)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/de-de/advisories/vde-2021-030 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.8.0 , ≤ 2.8.0
(custom)
|
|
| MB connect line | mbCONNECT24 |
Affected:
2.8.0 , ≤ 2.8.0
(custom)
|
Date Public
2021-07-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:24:32.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.9.0"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
},
"title": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
"ID": "CVE-2021-34575",
"STATE": "PUBLIC",
"TITLE": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.0",
"version_value": "2.8.0"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.0",
"version_value": "2.8.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-030",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.9.0"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34575",
"datePublished": "2021-08-02T10:24:32.820Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:46:43.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34576 (GCVE-0-2021-34576)
Vulnerability from cvelistv5 – Published: 2021-09-16 12:20 – Updated: 2024-09-17 02:31
VLAI
Title
Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption
Summary
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.
Severity
4.3 (Medium)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaden | PICOFLUX AiR |
Affected:
all
|
Date Public
2021-08-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PICOFLUX AiR",
"vendor": "Kaden",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"datePublic": "2021-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:20:19.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-08-31T22:00:00.000Z",
"ID": "CVE-2021-34576",
"STATE": "PUBLIC",
"TITLE": "Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PICOFLUX AiR",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Kaden"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Libor POL\u010c\u00c1K reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en",
"refsource": "CONFIRM",
"url": "https://www.fit.vutbr.cz/~polcak/CVE-2021-34576.en"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34576",
"datePublished": "2021-09-16T12:20:19.792Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:17.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3642 (GCVE-0-2021-3642)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:48 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1981407 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | wildfly-elytron |
Affected:
Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly-elytron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T17:37:38.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wildfly-elytron",
"version": {
"version_data": [
{
"version_value": "Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3642",
"datePublished": "2021-08-05T20:48:01.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38153 (GCVE-0-2021-38153)
Vulnerability from cvelistv5 – Published: 2021-09-22 09:05 – Updated: 2024-08-04 01:37
VLAI
Title
Timing Attack Vulnerability for Apache Kafka Connect and Clients
Summary
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
Severity
No CVSS data available.
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://kafka.apache.org/cve-list | x_refsource_MISC |
| https://lists.apache.org/thread.html/r35322aec467… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r45cc0602d5f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r45cc0602d5f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rd9ef217b09f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/rd9ef217b09f… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r26390c8b09e… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r26390c8b09e… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Kafka |
Affected:
Apache Kafka 2.0.x , ≤ 2.0.1
(custom)
Affected: Apache Kafka 2.1.x , ≤ 2.1.1 (custom) Affected: Apache Kafka 2.2.x , ≤ 2.2.2 (custom) Affected: Apache Kafka 2.3.x , ≤ 2.3.1 (custom) Affected: Apache Kafka 2.4.x , ≤ 2.4.1 (custom) Affected: Apache Kafka 2.5.x , ≤ 2.5.1 (custom) Affected: Apache Kafka 2.6.x , ≤ 2.6.2 (custom) Affected: Apache Kafka 2.7.x , ≤ 2.7.1 (custom) Affected: Apache Kafka 2.8.x , ≤ 2.8.0 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:15.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Kafka",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "Apache Kafka 2.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "Apache Kafka 2.1.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "Apache Kafka 2.2.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "Apache Kafka 2.3.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "Apache Kafka 2.4.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.5.1",
"status": "affected",
"version": "Apache Kafka 2.5.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "Apache Kafka 2.6.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.1",
"status": "affected",
"version": "Apache Kafka 2.7.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "Apache Kafka 2.8.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Kafka would like to thank J. Santilli for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0."
}
],
"metrics": [
{
"other": {
"content": {
"other": "moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:31:36.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Timing Attack Vulnerability for Apache Kafka Connect and Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-38153",
"STATE": "PUBLIC",
"TITLE": "Timing Attack Vulnerability for Apache Kafka Connect and Clients"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Kafka",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.0.x",
"version_value": "2.0.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.1.x",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.2.x",
"version_value": "2.2.2"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.3.x",
"version_value": "2.3.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.4.x",
"version_value": "2.4.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.5.x",
"version_value": "2.5.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.6.x",
"version_value": "2.6.2"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.7.x",
"version_value": "2.7.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.8.x",
"version_value": "2.8.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Kafka would like to thank J. Santilli for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kafka.apache.org/cve-list",
"refsource": "MISC",
"url": "https://kafka.apache.org/cve-list"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c@%3Cdev.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-38153",
"datePublished": "2021-09-22T09:05:11.000Z",
"dateReserved": "2021-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:15.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4286 (GCVE-0-2021-4286)
Vulnerability from cvelistv5 – Published: 2022-12-27 10:21 – Updated: 2025-04-11 16:46
VLAI
Title
cocagne pysrp _ctsrp.py calculate_x information exposure
Summary
A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.216875 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.216875 | signaturepermissions-required |
| https://github.com/cocagne/pysrp/pull/43 | issue-tracking |
| https://github.com/cocagne/pysrp/commit/dba52642f… | patch |
| https://github.com/cocagne/pysrp/releases/tag/1.0.17 | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cocagne | pysrp |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 Affected: 1.0.5 Affected: 1.0.6 Affected: 1.0.7 Affected: 1.0.8 Affected: 1.0.9 Affected: 1.0.10 Affected: 1.0.11 Affected: 1.0.12 Affected: 1.0.13 Affected: 1.0.14 Affected: 1.0.15 Affected: 1.0.16 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.216875"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.216875"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/cocagne/pysrp/pull/43"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/cocagne/pysrp/commit/dba52642f5e95d3da7af1780561213ee6053195f"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/cocagne/pysrp/releases/tag/1.0.17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T16:46:15.696359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:46:27.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pysrp",
"vendor": "cocagne",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
},
{
"status": "affected",
"version": "1.0.9"
},
{
"status": "affected",
"version": "1.0.10"
},
{
"status": "affected",
"version": "1.0.11"
},
{
"status": "affected",
"version": "1.0.12"
},
{
"status": "affected",
"version": "1.0.13"
},
{
"status": "affected",
"version": "1.0.14"
},
{
"status": "affected",
"version": "1.0.15"
},
{
"status": "affected",
"version": "1.0.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in cocagne pysrp bis 1.0.16 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion calculate_x der Datei srp/_ctsrp.py. Durch Beeinflussen mit unbekannten Daten kann eine information exposure through discrepancy-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.17 vermag dieses Problem zu l\u00f6sen. Der Patch wird als dba52642f5e95d3da7af1780561213ee6053195f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T10:21:16.703Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.216875"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.216875"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/cocagne/pysrp/pull/43"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cocagne/pysrp/commit/dba52642f5e95d3da7af1780561213ee6053195f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cocagne/pysrp/releases/tag/1.0.17"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-27T11:26:13.000Z",
"value": "VulDB last update"
}
],
"title": "cocagne pysrp _ctsrp.py calculate_x information exposure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4286",
"datePublished": "2022-12-27T10:21:16.703Z",
"dateReserved": "2022-12-27T10:19:36.661Z",
"dateUpdated": "2025-04-11T16:46:27.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45925 (GCVE-0-2021-45925)
Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-07 13:51
VLAI
Title
Username Enumeration
Summary
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lanner Inc | IAC-AST2500A |
Affected:
1.10.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-45925/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T13:51:20.736140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T13:51:47.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IAC-AST2500A",
"vendor": "Lanner Inc",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-01T00:00:00.000Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
},
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-45925/"
}
],
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-45925/",
"discovery": "EXTERNAL"
},
"title": "Username Enumeration",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2021-45925",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2025-05-07T13:51:47.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-39
Phase: Implementation
Description:
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.