CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
CVE-2022-36105 (GCVE-0-2022-36105)
Vulnerability from cvelistv5 – Published: 2022-09-13 17:40 – Updated: 2025-04-23 17:11
VLAI
Title
User Enumeration via Response Timing in TYPO3
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/TYPO3/typo3/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/TYPO3/typo3/commit/f8b83ce15d4… | x_refsource_MISC |
| https://typo3.org/security/advisory/typo3-core-sa… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:51:34.710355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:11:20.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T17:40:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
],
"source": {
"advisory": "GHSA-m392-235j-9r7r",
"discovery": "UNKNOWN"
},
"title": "User Enumeration via Response Timing in TYPO3",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36105",
"STATE": "PUBLIC",
"TITLE": "User Enumeration via Response Timing in TYPO3"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.58"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.48"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.37"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.32"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.16"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
},
{
"name": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-007",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007"
}
]
},
"source": {
"advisory": "GHSA-m392-235j-9r7r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36105",
"datePublished": "2022-09-13T17:40:13.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:11:20.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39228 (GCVE-0-2022-39228)
Vulnerability from cvelistv5 – Published: 2023-03-01 16:23 – Updated: 2025-03-07 21:24
VLAI
Title
Observable Response Discrepancy in vantage6
Summary
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/vantage6/vantage6/security/adv… | x_refsource_CONFIRM |
| https://github.com/vantage6/vantage6/issues/59 | x_refsource_MISC |
| https://github.com/vantage6/vantage6/pull/281 | x_refsource_MISC |
| https://github.com/vantage6/vantage6/commit/ab438… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429"
},
{
"name": "https://github.com/vantage6/vantage6/issues/59",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/issues/59"
},
{
"name": "https://github.com/vantage6/vantage6/pull/281",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/pull/281"
},
{
"name": "https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:24:19.801627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:24:48.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vantage6",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T16:23:18.720Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429"
},
{
"name": "https://github.com/vantage6/vantage6/issues/59",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6/issues/59"
},
{
"name": "https://github.com/vantage6/vantage6/pull/281",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6/pull/281"
},
{
"name": "https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2"
}
],
"source": {
"advisory": "GHSA-36gx-9q6h-g429",
"discovery": "UNKNOWN"
},
"title": "Observable Response Discrepancy in vantage6"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39228",
"datePublished": "2023-03-01T16:23:18.720Z",
"dateReserved": "2022-09-02T14:16:35.824Z",
"dateUpdated": "2025-03-07T21:24:48.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50800 (GCVE-0-2022-50800)
Vulnerability from cvelistv5 – Published: 2025-12-30 22:41 – Updated: 2026-01-02 19:51
VLAI
Title
H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification
Summary
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50742 | exploit |
| https://www.h3c.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.vulncheck.com/advisories/hc-ssl-vpn-n… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hangzhou H3C Technologies | H3C SSL VPN |
Affected:
1.1
|
Date Public
2022-01-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-50800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T19:50:52.803306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T19:51:05.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "H3C SSL VPN",
"vendor": "Hangzhou H3C Technologies",
"versions": [
{
"status": "affected",
"version": "1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2022-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the \u0027txtUsrName\u0027 POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T22:41:40.801Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50742",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50742"
},
{
"name": "H3C Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.h3c.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2022-5697)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5697.php"
},
{
"name": "VulnCheck Advisory: H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hc-ssl-vpn-na-username-enumeration-via-login-script-credential-verification"
}
],
"title": "H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-50800",
"datePublished": "2025-12-30T22:41:40.801Z",
"dateReserved": "2025-12-27T13:53:29.754Z",
"dateUpdated": "2026-01-02T19:51:05.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0440 (GCVE-0-2023-0440)
Vulnerability from cvelistv5 – Published: 2023-01-23 00:00 – Updated: 2025-04-03 16:58
VLAI
Title
Observable Discrepancy in healthchecks/healthchecks
Summary
Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| healthchecks | healthchecks/healthchecks |
Affected:
unspecified , < v2.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/208a096f-7986-4eed-8629-b7285348a686"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/healthchecks/healthchecks/commit/359edbd2709e27b60687061a32e19322bc971c1f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:10:36.789331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T16:58:22.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "healthchecks/healthchecks",
"vendor": "healthchecks",
"versions": [
{
"lessThan": "v2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable Discrepancy in GitHub repository healthchecks/healthchecks prior to v2.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/208a096f-7986-4eed-8629-b7285348a686"
},
{
"url": "https://github.com/healthchecks/healthchecks/commit/359edbd2709e27b60687061a32e19322bc971c1f"
}
],
"source": {
"advisory": "208a096f-7986-4eed-8629-b7285348a686",
"discovery": "EXTERNAL"
},
"title": "Observable Discrepancy in healthchecks/healthchecks"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0440",
"datePublished": "2023-01-23T00:00:00.000Z",
"dateReserved": "2023-01-23T00:00:00.000Z",
"dateUpdated": "2025-04-03T16:58:22.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22359 (GCVE-0-2023-22359)
Vulnerability from cvelistv5 – Published: 2023-06-26 06:51 – Updated: 2024-08-28 20:25
VLAI
Title
User-enumeration in RestAPI
Summary
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://checkmk.com/werk/15890 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://checkmk.com/werk/15890"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:25:16.139712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:25:29.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Checkmk",
"vendor": "Tribe29",
"versions": [
{
"lessThanOrEqual": "2.2.0p4",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration in Checkmk \u003c=2.2.0p4 allows an authenticated attacker to enumerate usernames."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T09:46:00.200Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"url": "https://checkmk.com/werk/15890"
}
],
"title": "User-enumeration in RestAPI"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Tribe29",
"cveId": "CVE-2023-22359",
"datePublished": "2023-06-26T06:51:24.193Z",
"dateReserved": "2023-01-18T15:32:06.543Z",
"dateUpdated": "2024-08-28T20:25:29.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32691 (GCVE-0-2023-32691)
Vulnerability from cvelistv5 – Published: 2023-05-30 03:06 – Updated: 2025-01-10 20:45
VLAI
Title
ginuerzh/gost vulnerable to Timing Attack
Summary
gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ginuerzh/gost/security/advisor… | x_refsource_CONFIRM |
| https://github.com/ginuerzh/gost/blob/1c62376e088… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww"
},
{
"name": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32691",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T20:45:08.537390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:45:20.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gost",
"vendor": "ginuerzh",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`\u0027s `ConstantTimeCompare`. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T03:06:06.080Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww"
},
{
"name": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46"
}
],
"source": {
"advisory": "GHSA-qjrq-hm79-49ww",
"discovery": "UNKNOWN"
},
"title": "ginuerzh/gost vulnerable to Timing Attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32691",
"datePublished": "2023-05-30T03:06:06.080Z",
"dateReserved": "2023-05-11T16:33:45.732Z",
"dateUpdated": "2025-01-10T20:45:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32694 (GCVE-0-2023-32694)
Vulnerability from cvelistv5 – Published: 2023-05-25 14:29 – Updated: 2025-01-16 19:21
VLAI
Title
Non-constant time HMAC comparison in Adyen plugin in Saleor
Summary
Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/saleor/saleor/security/advisor… | x_refsource_CONFIRM |
| https://github.com/saleor/saleor/commit/1328274e1… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f"
},
{
"name": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:21:44.207892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:21:54.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "saleor",
"vendor": "saleor",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.11.0, \u003c 3.7.68"
},
{
"status": "affected",
"version": "\u003e= 3.8.0, \u003c 3.8.40"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.49"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.36"
},
{
"status": "affected",
"version": "\u003e= 3.11.0, \u003c 3.11.35"
},
{
"status": "affected",
"version": "\u003e= 3.12.0, \u003c 3.12.25"
},
{
"status": "affected",
"version": "\u003e= 3.13.0, \u003c 3.13.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Saleor Core is a composable, headless commerce API. Saleor\u0027s `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T14:29:10.217Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/saleor/saleor/security/advisories/GHSA-3rqj-9v87-2x3f"
},
{
"name": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/saleor/saleor/commit/1328274e1a3d04ab87d7daee90229ff47b3bc35e"
}
],
"source": {
"advisory": "GHSA-3rqj-9v87-2x3f",
"discovery": "UNKNOWN"
},
"title": "Non-constant time HMAC comparison in Adyen plugin in Saleor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32694",
"datePublished": "2023-05-25T14:29:10.217Z",
"dateReserved": "2023-05-11T16:33:45.733Z",
"dateUpdated": "2025-01-16T19:21:54.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33850 (GCVE-0-2023-33850)
Vulnerability from cvelistv5 – Published: 2023-08-22 20:31 – Updated: 2025-11-03 21:48
VLAI
Title
IBM GSKit-Crypto information disclosure
Summary
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7010369 | vendor-advisory |
| https://www.ibm.com/support/pages/node/7022413 | vendor-advisory |
| https://www.ibm.com/support/pages/node/7022414 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_transferred |
| https://security.netapp.com/advisory/ntap-2024110… |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | TXSeries for Multiplatforms |
Affected:
8.1, 8.2, 9.1
|
|
| IBM | CICS TX Standard |
Affected:
11.1
|
|
| IBM | CICS TX Advanced |
Affected:
10.1, 11.1
|
|
| ibm | txseries_for_multiplatform |
Affected:
8.1
Affected: 8.2 Affected: 9.1 cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:* |
|
| ibm | cics_tx |
Affected:
11.1
Affected: 10.1 cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:* |
|
| ibm | cics_tx |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:48:43.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7010369"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7022413"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7022414"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "txseries_for_multiplatform",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "8.2"
},
{
"status": "affected",
"version": "9.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cics_tx",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "11.1"
},
{
"status": "affected",
"version": "10.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cics_tx",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:06:38.589742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T19:11:06.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TXSeries for Multiplatforms",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1, 8.2, 9.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1, 11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.\u003c/span\u003e"
}
],
"value": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:50:22.398Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7010369"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7022413"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7022414"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM GSKit-Crypto information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-33850",
"datePublished": "2023-08-22T20:31:25.923Z",
"dateReserved": "2023-05-23T00:31:59.438Z",
"dateUpdated": "2025-11-03T21:48:43.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34344 (GCVE-0-2023-34344)
Vulnerability from cvelistv5 – Published: 2023-06-12 16:54 – Updated: 2025-01-03 21:10
VLAI
Title
A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username
Summary
AMI BMC contains a vulnerability in the IPMI
handler, where an unauthorized attacker can use certain oracles to guess a
valid username, which may lead to information disclosure.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
- CWe-208 Observable Timing Discrepancy
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMI | MegaRAC_SPx |
Affected:
12.0 , < 12.7
(RC)
Affected: 13.0 , < 13.5 (RC) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T21:09:38.061734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T21:10:15.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"ARM"
],
"product": "MegaRAC_SPx",
"vendor": "AMI",
"versions": [
{
"lessThan": "12.7",
"status": "affected",
"version": "12.0",
"versionType": "RC"
},
{
"lessThan": "13.5",
"status": "affected",
"version": "13.0",
"versionType": "RC"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "NVIDIA Offensive Security Research (OSR) team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "AMI BMC contains a vulnerability in the IPMI\nhandler, where an unauthorized attacker can use certain oracles to guess a\nvalid username, which may lead to information disclosure.\n\n\n\n\n\n"
}
],
"value": "AMI BMC contains a vulnerability in the IPMI\nhandler, where an unauthorized attacker can use certain oracles to guess a\nvalid username, which may lead to information disclosure.\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-189",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-189 Black Box Reverse Engineering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "CWe-208 Observable Timing Discrepancy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T16:54:19.265Z",
"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
"shortName": "AMI"
},
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
"assignerShortName": "AMI",
"cveId": "CVE-2023-34344",
"datePublished": "2023-06-12T16:54:19.265Z",
"dateReserved": "2023-06-01T20:50:32.675Z",
"dateUpdated": "2025-01-03T21:10:15.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3462 (GCVE-0-2023-3462)
Vulnerability from cvelistv5 – Published: 2023-07-31 22:40 – Updated: 2024-10-21 18:04
VLAI
Title
Vault's LDAP Auth Method Allows for User Enumeration
Summary
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Vault |
Affected:
1.13.0 , ≤ 1.13.4
(semver)
Affected: 1.14.0 |
|
| HashiCorp | Vault Enterprise |
Affected:
1.13.0 , ≤ 1.13.4
(semver)
Affected: 1.14.0 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:04:26.770286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:04:40.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"64 bit",
"32 bit",
"ARM"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.13.4",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.14.0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Vault Enterprise",
"vendor": "HashiCorp",
"versions": [
{
"lessThanOrEqual": "1.13.4",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.14.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jared Johnstone"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."
}
],
"value": "HashiCorp\u0027s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T22:40:23.432Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Vault\u0027s LDAP Auth Method Allows for User Enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2023-3462",
"datePublished": "2023-07-31T22:40:23.432Z",
"dateReserved": "2023-06-29T19:00:52.239Z",
"dateUpdated": "2024-10-21T18:04:40.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-39
Phase: Implementation
Description:
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.