CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
CVE-2021-47664 (GCVE-0-2021-47664)
Vulnerability from cvelistv5 – Published: 2025-04-24 09:25 – Updated: 2025-04-24 15:22
CWE-203 - Observable Discrepancy

| Vendor | Product | Version |
|---|---|---|
| Franka Robotics | Franka Emika Robot | Affected: 0.0.0, ≤ 4.0.3 (semver) |

{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T13:46:45.931265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:22:17.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Franka Emika Robot",
"vendor": "Franka Robotics",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Siegfried Hollerer by TU Wien"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames."
}
],
"value": "Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T09:25:39.181Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.sciencedirect.com/science/article/pii/S2351978921001657"
}
],
"source": {
"defect": [
"CERT@VDE#641761"
],
"discovery": "UNKNOWN"
},
"title": "Enumeration of valid user names",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-47664",
"datePublished": "2025-04-24T09:25:39.181Z",
"dateReserved": "2025-03-17T08:25:16.736Z",
"dateUpdated": "2025-04-24T15:22:17.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0569 (GCVE-0-2022-0569)
Vulnerability from cvelistv5 – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
CWE-203 - Observable Discrepancy

| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2… | x_refsource_CONFIRM |
| https://github.com/snipe/snipe-it/commit/05c08197… | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| snipe | snipe/snipe-it | Affected: unspecified, < v5.3.9 (custom) |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
}
],
"value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:47.232Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
},
"title": "Observable Discrepancy in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0569",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0569",
"datePublished": "2022-02-12T23:55:09.000Z",
"dateReserved": "2022-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0823 (GCVE-0-2022-0823)
Vulnerability from cvelistv5 – Published: 2022-06-07 01:10 – Updated: 2024-08-02 23:40
CWE-203 - Observable Discrepancy

| URL | Tags |
|---|---|
| https://www.zyxel.com/support/Zyxel-security-advi… | x_refsource_CONFIRM |

| Vendor | Product | Version |
|---|---|---|
| Zyxel | Zyxel GS1200 series firmware | Affected: 2.00 Patch 1 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zyxel GS1200 series firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "2.00 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T01:10:12.000Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2022-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zyxel GS1200 series firmware",
"version": {
"version_data": [
{
"version_value": "2.00 Patch 1"
}
]
}
}
]
},
"vendor_name": "Zyxel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.2",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2022-0823",
"datePublished": "2022-06-07T01:10:12.000Z",
"dateReserved": "2022-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20866 (GCVE-0-2022-20866)
Vulnerability from cvelistv5 – Published: 2022-08-10 16:20 – Updated: 2024-11-01 18:54

| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisory, x_refsource_CISCO |

| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | Affected: n/a |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:50.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T18:42:20.599063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T18:54:32.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T16:20:19.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
}
],
"source": {
"advisory": "cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
"defect": [
[
"CSCwb88651",
"CSCwc28334"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-08-10T23:00:00",
"ID": "CVE-2022-20866",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of a public announcement of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220810 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"
}
]
},
"source": {
"advisory": "cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz",
"defect": [
[
"CSCwb88651",
"CSCwc28334"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20866",
"datePublished": "2022-08-10T16:20:19.803Z",
"dateReserved": "2021-11-02T00:00:00.000Z",
"dateUpdated": "2024-11-01T18:54:32.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20940 (GCVE-0-2022-20940)
Vulnerability from cvelistv5 – Published: 2022-11-10 17:38 – Updated: 2024-08-03 02:31
CWE-203 - Observable Discrepancy

| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software | Affected: 6.2.3, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.8, 6.2.3.10, 6.2.3.11, 6.2.3.9, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.16, 6.2.3.17, 6.2.3.18, 6.6.0, 6.6.0.1, 6.6.1, 6.6.3, 6.6.4, 6.6.5, 6.6.5.1, 6.6.5.2, 6.4.0, 6.4.0.1, 6.4.0.3, 6.4.0.2, 6.4.0.4, 6.4.0.5, 6.4.0.6, 6.4.0.7, 6.4.0.8, 6.4.0.9, 6.4.0.10, 6.4.0.11, 6.4.0.12, 6.4.0.13, 6.4.0.14, 6.7.0, 6.7.0.1, 6.7.0.2, 6.7.0.3, 7.0.0, 7.0.0.1, 7.0.1, 7.0.1.1, 7.0.2, 7.0.2.1, 7.0.3, 7.1.0, 7.1.0.1, 7.1.0.2 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ftd-tls-bb-rCgtmY2",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-bb-rCgtmY2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.3.6"
},
{
"status": "affected",
"version": "6.2.3.7"
},
{
"status": "affected",
"version": "6.2.3.8"
},
{
"status": "affected",
"version": "6.2.3.10"
},
{
"status": "affected",
"version": "6.2.3.11"
},
{
"status": "affected",
"version": "6.2.3.9"
},
{
"status": "affected",
"version": "6.2.3.12"
},
{
"status": "affected",
"version": "6.2.3.13"
},
{
"status": "affected",
"version": "6.2.3.14"
},
{
"status": "affected",
"version": "6.2.3.15"
},
{
"status": "affected",
"version": "6.2.3.16"
},
{
"status": "affected",
"version": "6.2.3.17"
},
{
"status": "affected",
"version": "6.2.3.18"
},
{
"status": "affected",
"version": "6.6.0"
},
{
"status": "affected",
"version": "6.6.0.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "6.6.5"
},
{
"status": "affected",
"version": "6.6.5.1"
},
{
"status": "affected",
"version": "6.6.5.2"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "6.4.0.13"
},
{
"status": "affected",
"version": "6.4.0.14"
},
{
"status": "affected",
"version": "6.7.0"
},
{
"status": "affected",
"version": "6.7.0.1"
},
{
"status": "affected",
"version": "6.7.0.2"
},
{
"status": "affected",
"version": "6.7.0.3"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information.\r\n\r This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Observable Discrepancy",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:17.707Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ftd-tls-bb-rCgtmY2",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-bb-rCgtmY2"
}
],
"source": {
"advisory": "cisco-sa-ftd-tls-bb-rCgtmY2",
"defects": [
"CSCwa41936"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20940",
"datePublished": "2022-11-10T17:38:07.193Z",
"dateReserved": "2021-11-02T13:28:29.193Z",
"dateUpdated": "2024-08-03T02:31:58.809Z",
"requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22120 (GCVE-0-2022-22120)
Vulnerability from cvelistv5 – Published: 2022-01-10 15:25 – Updated: 2024-09-16 23:27
CWE-203 - Information Exposure Through Discrepancy

| URL | Tags |
|---|---|
| https://github.com/nocodb/nocodb/commit/f46e89b0 | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:55.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nocodb/nocodb/commit/f46e89b0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nocodb",
"vendor": "nocodb",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "0.83.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2022-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn\u0027t registered within the system. This allows attackers to enumerate the registered users\u0027 email addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T15:25:26.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nocodb/nocodb/commit/f46e89b0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 0.84.0 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "NocoDB - Observable Discrepancy in the password-reset feature",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2022-01-09T13:33:00.000Z",
"ID": "CVE-2022-22120",
"STATE": "PUBLIC",
"TITLE": "NocoDB - Observable Discrepancy in the password-reset feature"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nocodb",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.9"
},
{
"version_affected": "\u003c=",
"version_value": "0.83.8"
}
]
}
}
]
},
"vendor_name": "nocodb"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn\u0027t registered within the system. This allows attackers to enumerate the registered users\u0027 email addresses."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nocodb/nocodb/commit/f46e89b0",
"refsource": "MISC",
"url": "https://github.com/nocodb/nocodb/commit/f46e89b0"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22120"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 0.84.0 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-22120",
"datePublished": "2022-01-10T15:25:27.052Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:27:02.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23643 (GCVE-0-2022-23643)
Vulnerability from cvelistv5 – Published: 2022-02-15 21:25 – Updated: 2025-04-23 19:04

| URL | Tags |
|---|---|
| https://github.com/sourcegraph/sourcegraph/securi… | x_refsource_CONFIRM |
| https://github.com/sourcegraph/sourcegraph/pull/30547 | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| sourcegraph | sourcegraph | Affected: >= 3.35, < 3.35.2; Affected: >= 3.36, < 3.36.3 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-xqv2-x6f2-w3pf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sourcegraph/sourcegraph/pull/30547"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:29.074582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:04:54.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sourcegraph",
"vendor": "sourcegraph",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.35, \u003c 3.35.2"
},
{
"status": "affected",
"version": "\u003e= 3.36, \u003c 3.36.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects only the Code Monitoring feature, whereas CVE-2021-43823 also affected saved searches. A successful attack would require an authenticated bad actor to create many Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in versions 3.35.2 and 3.36.3 of Sourcegraph. Those who are unable to upgrade may disable the Code Monitor feature in their installation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T21:25:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-xqv2-x6f2-w3pf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sourcegraph/sourcegraph/pull/30547"
}
],
"source": {
"advisory": "GHSA-xqv2-x6f2-w3pf",
"discovery": "UNKNOWN"
},
"title": "Side-channel attack in Sourcegraph Code Monitors",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23643",
"STATE": "PUBLIC",
"TITLE": "Side-channel attack in Sourcegraph Code Monitors"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sourcegraph",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.35, \u003c 3.35.2"
},
{
"version_value": "\u003e= 3.36, \u003c 3.36.3"
}
]
}
}
]
},
"vendor_name": "sourcegraph"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects only the Code Monitoring feature, whereas CVE-2021-43823 also affected saved searches. A successful attack would require an authenticated bad actor to create many Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in versions 3.35.2 and 3.36.3 of Sourcegraph. Those who are unable to upgrade may disable the Code Monitor feature in their installation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-xqv2-x6f2-w3pf",
"refsource": "CONFIRM",
"url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-xqv2-x6f2-w3pf"
},
{
"name": "https://github.com/sourcegraph/sourcegraph/pull/30547",
"refsource": "MISC",
"url": "https://github.com/sourcegraph/sourcegraph/pull/30547"
}
]
},
"source": {
"advisory": "GHSA-xqv2-x6f2-w3pf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23643",
"datePublished": "2022-02-15T21:25:10.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:04:54.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24043 (GCVE-0-2022-24043)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:46 – Updated: 2024-08-03 03:59
- CWE-203 - Observable Discrepancy

| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| Siemens | Desigo DXR2 | Affected: All versions < V01.21.142.5-22 |
| Siemens | Desigo PXC3 | Affected: All versions < V01.21.142.4-18 |
| Siemens | Desigo PXC4 | Affected: All versions < V02.20.142.10-10884 |
| Siemens | Desigo PXC5 | Affected: All versions < V02.20.142.10-10884 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Desigo DXR2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.5-22"
}
]
},
{
"product": "Desigo PXC3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.4-18"
}
]
},
{
"product": "Desigo PXC4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
},
{
"product": "Desigo PXC5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:33.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo DXR2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.5-22"
}
]
}
},
{
"product_name": "Desigo PXC3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.4-18"
}
]
}
},
{
"product_name": "Desigo PXC4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
},
{
"product_name": "Desigo PXC5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24043",
"datePublished": "2022-05-10T09:46:53.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:59:23.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27221 (GCVE-0-2022-27221)
Vulnerability from cvelistv5 – Published: 2022-06-14 09:21 – Updated: 2025-04-21 13:53
- CWE-203 - Observable Discrepancy

| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/html/… | |

| Vendor | Product | Version |
|---|---|---|
| Siemens | SINEMA Remote Connect Server | Affected: 0 , < V3.1 (custom) |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:15:28.673910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:53:16.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:04:03.289Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-27221",
"datePublished": "2022-06-14T09:21:43.000Z",
"dateReserved": "2022-03-15T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:53:16.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29185 (GCVE-0-2022-29185)
Vulnerability from cvelistv5 – Published: 2022-05-20 19:30 – Updated: 2025-04-23 18:24

| URL | Tags |
|---|---|
| https://github.com/constantoine/totp-rs/security/… | x_refsource_CONFIRM |
| https://github.com/constantoine/totp-rs/issues/13 | x_refsource_MISC |
| https://github.com/constantoine/totp-rs/releases/… | x_refsource_MISC |

| Vendor | Product | Version |
|---|---|---|
| constantoine | totp-rs | Affected: <1.1.0 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/constantoine/totp-rs/issues/13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:07:03.554858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:24:00.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "totp-rs",
"vendor": "constantoine",
"versions": [
{
"status": "affected",
"version": "\u003c1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T19:30:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/constantoine/totp-rs/issues/13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0"
}
],
"source": {
"advisory": "GHSA-8vxv-2g8p-2249",
"discovery": "UNKNOWN"
},
"title": "Observable Timing Discrepancy in totp-rs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29185",
"STATE": "PUBLIC",
"TITLE": "Observable Timing Discrepancy in totp-rs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "totp-rs",
"version": {
"version_data": [
{
"version_value": "\u003c1.1.0"
}
]
}
}
]
},
"vendor_name": "constantoine"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208: Observable Timing Discrepancy"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249",
"refsource": "CONFIRM",
"url": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249"
},
{
"name": "https://github.com/constantoine/totp-rs/issues/13",
"refsource": "MISC",
"url": "https://github.com/constantoine/totp-rs/issues/13"
},
{
"name": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0",
"refsource": "MISC",
"url": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0"
}
]
},
"source": {
"advisory": "GHSA-8vxv-2g8p-2249",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29185",
"datePublished": "2022-05-20T19:30:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:24:00.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-39
Phase: Implementation
Description:
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike a balance between being too cryptic (which can confuse users) and being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.