Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11243

Summary
Assigner-kubernetes
Assigner Org ID-a6081bf6-c852-4425-ad4f-a67919267565
Published At-22 Apr, 2019 | 14:54
Updated At-04 Aug, 2024 | 22:48
Rejected At-
Credits

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:kubernetes
Assigner Org ID:a6081bf6-c852-4425-ad4f-a67919267565
Published At:22 Apr, 2019 | 14:54
Updated At:04 Aug, 2024 | 22:48
Rejected At:
▼CVE Numbering Authority (CNA)

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

Affected Products
Vendor
KubernetesKubernetes
Product
Kubernetes
Versions
Affected
  • From v1.12 through v1.12.4 (custom)
  • From v1.13 through v1.13.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-271CWE-271 Privilege Dropping / Lowering Errors
Type: CWE
CWE ID: CWE-271
Description: CWE-271 Privilege Dropping / Lowering Errors
Metrics
VersionBase scoreBase severityVector
3.03.1LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()

Exploits
Credits
Oleg Bulatov of Red Hat
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kubernetes/kubernetes/issues/76797
x_refsource_MISC
http://www.securityfocus.com/bid/108053
vdb-entry
x_refsource_BID
https://security.netapp.com/advisory/ntap-20190509-0002/
x_refsource_CONFIRM
Hyperlink: https://github.com/kubernetes/kubernetes/issues/76797
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/108053
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://security.netapp.com/advisory/ntap-20190509-0002/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kubernetes/kubernetes/issues/76797
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/108053
vdb-entry
x_refsource_BID
x_transferred
https://security.netapp.com/advisory/ntap-20190509-0002/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/kubernetes/kubernetes/issues/76797
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/108053
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190509-0002/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jordan@liggitt.net
Published At:22 Apr, 2019 | 15:29
Updated At:02 Oct, 2020 | 13:17

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.03.1LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.12.0(inclusive) to 1.12.4(inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>1.13.0
cpe:2.3:a:kubernetes:kubernetes:1.13.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>trident>>-
cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-212Primarynvd@nist.gov
CWE-271Secondaryjordan@liggitt.net
CWE ID: CWE-212
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-271
Type: Secondary
Source: jordan@liggitt.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/108053jordan@liggitt.net
Third Party Advisory
VDB Entry
https://github.com/kubernetes/kubernetes/issues/76797jordan@liggitt.net
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0002/jordan@liggitt.net
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/108053
Source: jordan@liggitt.net
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/kubernetes/kubernetes/issues/76797
Source: jordan@liggitt.net
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190509-0002/
Source: jordan@liggitt.net
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

112Records found
CVE-2020-36180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.96% / 82.73%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:30
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-primavera_unifiercloud_backupjd_edwards_enterpriseone_orchestratorprimavera_gatewaycommunications_network_charging_and_controlcommunications_session_route_managerretail_service_backbonecommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementcommunications_cloud_native_core_policyretail_merchandising_systemcommunications_convergent_charging_controllercommerce_platformblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_evolved_communications_application_servercommunications_unified_inventory_managementservice_level_managerdocumakerapplication_testing_suitecommunications_services_gatekeeperbanking_virtual_account_managementretail_customer_management_and_segmentation_foundationinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerdebian_linuxbanking_supply_chain_financecommunications_diameter_signaling_routecommunications_pricing_design_centerbanking_credit_facilities_process_managementretail_xstore_point_of_serviceinsurance_policy_administrationbanking_corporate_lending_process_managementgoldengate_application_adaptersbanking_extensibility_workbenchcommunications_element_managerjd_edwards_enterpriseone_toolsbanking_treasury_managementwebcenter_portaldata_integratorn/acommunications_diameter_signaling_routerglobal_lifecycle_management_opatchretail_sales_auditprimavera_unifierbanking_digital_experiencejd_edwards_enterpriseone_orchestratorretail_service_backbonecommunications_network_charging_and_controlcommunications_session_route_managercommunications_instant_messaging_serveragile_plmautovue_for_agile_product_lifecycle_managementfinancial_services_retail_customer_analyticsfinancial_services_price_creation_and_discoveryretail_merchandising_systemfinancial_services_institutional_performance_analyticssteelstore_cloud_integrated_storagedebian_linuxinsurance_policy_administration_j2eeweblogic_serverjackson-databindfinancial_services_analytical_applications_infrastructurecommunications_calendar_serverretail_xstore_point_of_servicecommunications_evolved_communications_application_servercommunications_element_managerenterprise_manager_base_platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-36186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.21% / 83.79%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:29
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-primavera_unifiercloud_backupjd_edwards_enterpriseone_orchestratorprimavera_gatewaycommunications_network_charging_and_controlcommunications_session_route_managerretail_service_backbonecommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementcommunications_cloud_native_core_policyretail_merchandising_systemcommunications_convergent_charging_controllercommerce_platformblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_evolved_communications_application_servercommunications_unified_inventory_managementservice_level_managerdocumakerapplication_testing_suitecommunications_services_gatekeeperbanking_virtual_account_managementretail_customer_management_and_segmentation_foundationinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerdebian_linuxbanking_supply_chain_financecommunications_diameter_signaling_routecommunications_pricing_design_centerbanking_credit_facilities_process_managementretail_xstore_point_of_serviceinsurance_policy_administrationbanking_corporate_lending_process_managementgoldengate_application_adaptersbanking_extensibility_workbenchcommunications_element_managerjd_edwards_enterpriseone_toolsbanking_treasury_managementwebcenter_portaldata_integratorn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-36179
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-61.30% / 98.25%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:30
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-primavera_unifiercloud_backupjd_edwards_enterpriseone_orchestratorprimavera_gatewaycommunications_network_charging_and_controlcommunications_session_route_managerretail_service_backbonecommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementcommunications_cloud_native_core_policyretail_merchandising_systemcommunications_convergent_charging_controllercommerce_platformblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_evolved_communications_application_servercommunications_unified_inventory_managementservice_level_managerapplication_testing_suitecommunications_services_gatekeeperbanking_virtual_account_managementretail_customer_management_and_segmentation_foundationinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerdebian_linuxbanking_supply_chain_financecommunications_diameter_signaling_routecommunications_pricing_design_centerretail_xstore_point_of_serviceinsurance_policy_administrationbanking_corporate_lending_process_managementgoldengate_application_adaptersbanking_credit_facilities_process_managementcommunications_element_managerjd_edwards_enterpriseone_toolsbanking_treasury_managementwebcenter_portaldata_integratorn/acommunications_diameter_signaling_routerglobal_lifecycle_management_opatchretail_sales_auditprimavera_unifierbanking_digital_experiencejd_edwards_enterpriseone_orchestratorretail_service_backbonecommunications_network_charging_and_controlcommunications_session_route_managercommunications_instant_messaging_serveragile_plmautovue_for_agile_product_lifecycle_managementfinancial_services_retail_customer_analyticsfinancial_services_price_creation_and_discoveryretail_merchandising_systemfinancial_services_institutional_performance_analyticssteelstore_cloud_integrated_storagedebian_linuxinsurance_policy_administration_j2eeweblogic_serverjackson-databindfinancial_services_analytical_applications_infrastructurecommunications_calendar_serverretail_xstore_point_of_servicecommunications_evolved_communications_application_servercommunications_element_managerenterprise_manager_base_platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-35490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-4.75% / 89.01%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 18:43
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_offline_mediation_controllerbanking_platformcommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmretail_merchandising_systemcommunications_cloud_native_core_policydebian_linuxinsurance_policy_administration_j2eeblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_pricing_design_centerretail_xstore_point_of_servicecommunications_evolved_communications_application_servercommunications_interactive_session_recordercommunications_unified_inventory_managementservice_level_managerdocumakerapplication_testing_suitecommunications_services_gatekeeperbanking_virtual_account_managementbanking_treasury_managementwebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-20012
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-25.27% / 95.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 19:32
Updated-06 Aug, 2024 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Action-Not Available
Vendor-n/aOpenBSDNetApp, Inc.
Product-clustered_data_ontapontap_select_deploy_administration_utilityhci_management_nodeopensshsolidfiren/a
CVE-2020-14301
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.64%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 19:44
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-enterprise_linux_server_update_services_for_sap_solutionsontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_euslibvirtenterprise_linux_tuscodeready_linux_builderlibvirt
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2020-8696
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:02
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-xeon_platinum_8153xeon_platinum_8276lxeon_w-2223core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_platinum_9222xeon_w-3245mxeon_gold_6230txeon_e3-1235lcore_i3-8300tcore_i7-7660ucore_i7-6600uxeon_gold_6146pentium_4415ycore_i7-8706gcore_i3-6300xeon_gold_6126txeon_w-3225xeon_e-2236celeron_5305upentium_gold_g5420core_i7-9700kfxeon_gold_5115xeon_silver_4208rcore_i7-7640xxeon_gold_6136xeon_platinum_8170xeon_w-2125core_i9-10940xcore_i5-8400hceleron_g3940core_i5-6310ucore_i7-8700xeon_e3-1501lcore_i3-6300tcore_i3-6120core_i5-8400core_i5-7y54xeon_gold_6138core_i7-7700txeon_gold_6246core_i5-10210uxeon_w-2295xeon_platinum_8164core_i7-6770hqcore_i7-8700kxeon_e-2226gcore_i9-9900kfpentium_g4400txeon_gold_6234solidfirepentium_gold_g5400txeon_e3-1268lcore_i7-8670xeon_w-2255core_i3-8145ucore_i5-10400hxeon_gold_5215mcore_i5-7442eqcore_i7-6822eqxeon_e-2134xeon_gold_5215core_i7-6700tecore_i3-7020uxeon_d-2143itxeon_gold_6262vcore_i3-8109upentium_g4500txeon_d-2163itxeon_platinum_8168core_i9-7920xxeon_e3-1515mcore_i7-7600uxeon_e-2224xeon_gold_5218core_i5-10110ycore_i3-7100exeon_silver_4109tcore_i7-10510yxeon_e-2278gexeon_gold_5215lcore_i3-10110uxeon_gold_6138fcore_m5-6y54xeon_gold_5122xeon_w-2245core_i5-6442eqcore_i5-6600kcore_i5-8420tcore_i9-7960xceleron_g3900core_i5-9600kcore_i7-7820xcore_i7-7700hqcore_i5-8400bxeon_platinum_8280mcore_i9-7980xexeon_silver_4114xeon_e3-1285pentium_g4420core_i7-7820hkcore_i3-8100hcore_i7-6870hqcore_i9-9940xceleron_g5305ucore_i5-8550pentium_g4500xeon_bronze_3104xeon_e-2184gxeon_gold_6240xeon_gold_6240lcore_i7-6970hqxeon_gold_6238lcore_i5-8350ucore_i3-6120tcore_i5-7500uxeon_platinum_8156core_i5-7300ucore_i5-8600xeon_e3-1225xeon_d-2173itceleron_g3930texeon_e-2136xeon_d-2123itcore_i7-10510ucore_i7-9700kxeon_e-2246gcore_i5-8500txeon_w-3265mcore_8269ucore_i5-7500celeron_3865ucore_i3-8100xeon_w-2265core_i5-6400xeon_e3-1545mcore_m7-6y75core_i5-7200uxeon_gold_6126fceleron_g4900tcore_m3-6y30pentium_g4540celeron_g3930efedoraxeon_gold_5218txeon_platinum_p-8124core_4205ucore_i9-8950hkxeon_gold_6150pentium_g4520core_i7-7700xeon_gold_5220rxeon_gold_6140pentium_4405ucore_i7-7920hqcore_i3-7102exeon_d-2146ntcore_i5-8600kxeon_platinum_8160fxeon_e-2254mlxeon_platinum_p-8136core_i5-8400txeon_e3-1220core_i7-8750hxeon_e3-1578lcore_i5-8365ucore_i9-10920xxeon_silver_4214ccore_i5-8420xeon_d-2187ntcore_i5-9600kfcore_i7-8670tcore_i7-6660ucore_i3-10100tepentium_4410ycore_i5-7600xeon_gold_6126xeon_e3-1240lcore_i9-7940xxeon_platinum_8160mceleron_3965ucore_i9-9960xxeon_d-2166ntxeon_e-2286mxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_w-2195core_i3-7100hxeon_e-2276gcore_i3-8300xeon_e-2186gcore_i5-7400txeon_e-2276mlxeon_d-2183itxeon_e3-1535mxeon_silver_4116txeon_e-2244gxeon_e-2174gcore_i9-9900kxeon_e-2176gcore_i7-8809gclustered_data_ontapxeon_gold_6142fcore_i3-6320tcore_i5-7260ucore_i7-8700bcore_i7-8709gxeon_d-2145ntcore_i3-7120core_i5-6287uxeon_gold_6238xeon_gold_6130core_i5-7267umicrocodexeon_platinum_8260mcore_i7-7800xcore_i5-9400core_i9-9920xcore_i3-8100tpentium_4415uxeon_silver_4208core_i5-6500tcore_i5-6260uxeon_platinum_8260core_i3-7120tcore_i5-10210ycore_i7-8557ucore_i7-6560uxeon_w-2123pentium_g4420txeon_e3-1505lxeon_gold_5220sxeon_w-3275mcore_i7-8700txeon_platinum_9242core_i5-8300hxeon_gold_5215rxeon_platinum_9282core_i7-6820hqcore_i5-7400xeon_platinum_8280lxeon_silver_4110xeon_e3-1501mcore_i7-8650uxeon_bronze_3204xeon_gold_5119tcore_i5-6600xeon_silver_4108xeon_gold_6130tcore_i7-6700txeon_silver_4210core_i7-6920hqxeon_e3-1585pentium_gold_g5500tcore_i3-6100uxeon_e3-1565lxeon_gold_5217pentium_g4400texeon_gold_6230nxeon_platinum_8276mcore_i9-9800xxeon_w-3265xeon_gold_5218nxeon_e3-1260lxeon_bronze_3106xeon_gold_6138txeon_w-3245core_i7-9750hfxeon_gold_6238mceleron_g4920xeon_gold_5120core_i3-6167uxeon_e-2274gpentium_gold_g6405ucore_i5-8500bxeon_e-2124gxeon_e-2278gelxeon_e-2288gxeon_gold_5220xeon_platinum_8160txeon_e-2234core_i7-7740xxeon_silver_4214rcore_i7-6500ucore_i3-7110upentium_g4520txeon_gold_6254xeon_silver_4114tcore_i3-6320core_i3-8120celeron_g3902ecore_i5-9400fcore_i7-6700kxeon_e-2124core_i9-9880hcore_i3-8000core_i7-9850hcore_i5-7287uxeon_d-2141ixeon_gold_6154xeon_e3-1558ldebian_linuxcore_i3-7320tcore_i5-7440eqxeon_w-2175core_i7-8560uceleron_g3900thci_storage_node_biosxeon_platinum_8268core_i3-8000tceleron_g3920core_i5-6400tcore_i5-6300ucore_i3-7100uxeon_platinum_8176mxeon_e-2276mecore_i7-8565ucore_i3-7101texeon_gold_5222xeon_w-3275core_i5-7600kcore_m5-6y57core_i5-8250ucore_5405uxeon_e3-1245xeon_e-2126gcore_i5-7300hqcore_i7-7560uxeon_silver_4209txeon_silver_4116xeon_gold_6240mpentium_gold_g5420tcore_i7-7820eqcore_i3-6100hxeon_e3-1275xeon_gold_6252ncore_i5-8259uxeon_platinum_9221core_i5-7360uxeon_gold_6244core_i5-6500xeon_platinum_8160core_i3-7340xeon_gold_6248pentium_gold_g5500celeron_g5205uhcl_compute_nodexeon_silver_4216rcore_i5-6200uxeon_platinum_8280core_m3-8100ycore_i7-6700hqxeon_w-2235xeon_e-2186mxeon_gold_6148fcore_i5-6350hqxeon_e-2176mxeon_gold_6132xeon_gold_6240ycore_i7-6820hkcore_i5-7600txeon_platinum_8256xeon_gold_6152core_i9-9820xpentium_g4400xeon_platinum_8158xeon_w-2155core_i9-9900xcore_i7-7500ucore_i7-8550ucore_i5-10310yxeon_e-2224gxeon_w-2135xeon_e-2286gxeon_gold_6222vxeon_e-2284gcore_i3-6102exeon_platinum_8176xeon_e3-1505mxeon_gold_6242xeon_w-2145core_i5-6600tcore_i3-8020xeon_e-2226gecore_i7-6650ucore_i7-6510uxeon_gold_6142xeon_e-2278gxeon_platinum_8260yxeon_platinum_8270core_i5-9300hcore_i5-6210uxeon_e3-1240xeon_gold_6128xeon_silver_4215xeon_d-2142itxeon_platinum_8180mcore_i7-8850hcore_i5-7210ucore_i3-7130ucore_i7-10610uxeon_gold_5118xeon_gold_6130fcore_i3-7167ucore_i3-6100tcore_i5-9400hcore_i7-8500ycore_i7-7567ucore_i7-6820eqxeon_gold_6134mcore_i9-10900xxeon_silver_4214core_i5-8650xeon_platinum_8276xeon_gold_6238txeon_d-2161ixeon_silver_4210rcore_i5-6500texeon_silver_4214ycore_i7-7820hqceleron_g3920tcore_i5-8210yxeon_gold_5218bcore_m3-7y30xeon_gold_6142mcore_i3-6100exeon_e3-1280celeron_3955uxeon_platinum_8176fxeon_e3-1575mcore_i7-8750hfxeon_e3-1230solidfire_bioshci_storage_nodeceleron_g4900pentium_4405ycore_i5-8200ycore_i7-6567upentium_gold_g5400hcl_compute_node_bioscore_i3-7101ecore_i3-6100core_i5-8310yxeon_w-2275core_i9-7900xcore_i5-7640xcore_i5-8500xeon_silver_4112xeon_w-3223core_i5-7440hqxeon_gold_6226core_i5-6360uxeon_e-2144gcore_i7-7510uxeon_gold_5120tcore_i7-8510ycore_i7-8569ucore_i5-8650kxeon_gold_6252xeon_gold_6134core_i5-8265uxeon_platinum_9220xeon_e-2254mecore_i3-6110ucore_i3-7007ucore_i5-6300hqxeon_w-3235core_i5-6267uceleron_3965ycore_i5-6440hqcore_i7-7y75celeron_g3900texeon_bronze_3206rxeon_w-2225xeon_w-2133core_i7-6700celeron_3855ucore_i5-7y57core_i3-8350kxeon_gold_6148core_i5-6440eqcore_i5-8600tcore_i5-7500txeon_gold_6144core_i5-8305gxeon_platinum_8260lcore_i9-9980hkcore_i7-8559uxeon_gold_6140mxeon_platinum_8170mxeon_e-2146gcore_i3-6100texeon_d-2177ntcore_i3-8130uxeon_platinum_8180xeon_e3-1270pentium_gold_g5600xeon_gold_5220txeon_e3-1585lIntel(R) Processors
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-23633
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of sensitive information in Action Pack

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

Action-Not Available
Vendor-Debian GNU/LinuxRuby on Rails
Product-debian_linuxrailsrails
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-22779
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.7||LOW
EPSS-0.21% / 43.79%
||
7 Day CHG-0.06%
Published-09 Feb, 2022 | 22:05
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Retained exploded messages in Keybase clients for macOS and Windows

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem.

Action-Not Available
Vendor-keybaseApple Inc.Microsoft CorporationZoom Communications, Inc.
Product-windowsmacoskeybaseKeybase Client for macOSKeybase Client for Windows
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-4734
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.1||HIGH
EPSS-0.08% / 25.36%
||
7 Day CHG~0.00%
Published-25 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Removal of Sensitive Information Before Storage or Transfer in usememos/memos

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-0536
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-2.6||LOW
EPSS-0.06% / 19.82%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 10:45
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects

Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.

Action-Not Available
Vendor-follow-redirects_projectfollow-redirects
Product-follow-redirectsfollow-redirects/follow-redirects
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2020-26965
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.48%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 00:24
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found