CWE-526
Cleartext Storage of Sensitive Information in an Environment Variable
Description
The product uses an environment variable to store unencrypted sensitive information. Environment variables are inherited by every child process unless the parent filters them, are readable from /proc/<pid>/environ by the process owner and by root, and are routinely captured by crash dumps, debug endpoints, build artifacts and CI logs, so a secret placed there is only as protected as the weakest consumer of that environment.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45370 | — | High | 0.50 | 7.7 | 0.00 | — | May 14, 2026 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single… |
| CVE-2026-40153 | — | High | 0.48 | 7.4 | 0.00 | — | Apr 9, 2026 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line… |
| CVE-2024-4369 | — | Medium | 0.44 | 6.8 | 0.01 | — | May 1, 2024 | An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high… |
| CVE-2024-12604 | — | Medium | 0.42 | 6.5 | 0.00 | — | Mar 10, 2025 | Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App:… |
| CVE-2024-2700 | — | High | 0.39 | 7.0 | 0.00 | — | Apr 4, 2024 | A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment… |
| CVE-2024-47056 | — | Medium | 0.33 | 5.1 | 0.00 | — | May 28, 2025 | Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other… |
| CVE-2025-9162 | — | Medium | 0.32 | 4.9 | 0.00 | — | Aug 21, 2025 | A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted… |
| CVE-2025-36105 | — | Medium | 0.29 | 4.4 | 0.00 | — | Mar 10, 2026 | IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. |
| CVE-2026-49377 | — | Medium | 0.28 | 4.3 | 0.01 | — | May 29, 2026 | In JetBrains TeamCity before 2025.11.2, exposure of sensitive data via default agent parameters. |
| CVE-2024-11736 | — | Medium | 0.25 | 4.9 | 0.01 | — | Jan 14, 2025 | A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or… |
| CVE-2023-5720 | — | — | 0.00 | — | 0.01 | — | Nov 15, 2023 | A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application. |
| CVE-2023-35931 | — | — | 0.00 | — | 0.01 | — | Jun 23, 2023 | Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1. |
| CVE-2019-14802 | — | — | 0.00 | — | 0.01 | — | Dec 26, 2022 | HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template. |
| CVE-2014-2377 | — | — | 0.00 | — | 0.02 | — | Sep 15, 2014 | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. |
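Two leak patterns recur in the list above: a child process inheriting the parent's whole environment (the python-utcp entry) and shell-style expansion of `$NAME` in caller-supplied arguments (the PraisonAIAgents entry). The following is an added example, not code from CWE or from any project listed on this page. It reproduces both patterns against a constructed environment, shows the hardened form of each, and includes a parser for the NUL-separated `/proc/<pid>/environ` format that an auditor would read to see what a running process actually holds. `SAMPLE_ENV`, `CHILD_ALLOWLIST` and `SECRET_MARKERS` are assumptions made for the demonstration; the `expand_args_vulnerable` function mirrors what `os.path.expandvars()` does but substitutes from the passed dictionary instead of `os.environ` so the example stays hermetic.

```python
"""Added example for CWE-526: how a secret in the environment reaches a child
process or an expanded argument, and the hardened forms. Not project code."""
import json
import re
import subprocess
import sys

# Constructed sample environment standing in for os.environ of a service.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HOME": "/home/app",
    "LANG": "C.UTF-8",
    "DATABASE_URL": "postgres://app:s3cr3t@db:5432/app",
    "AZURE_CLIENT_SECRET": "hunter2",
}

# Hypothetical allowlist: the only variables a CLI helper actually needs.
CHILD_ALLOWLIST = ("PATH", "HOME", "LANG")
# Heuristic name fragments that usually indicate a credential.
SECRET_MARKERS = ("SECRET", "TOKEN", "PASSWORD", "PASSWD", "KEY", "_URL")

_VAR_RE = re.compile(r"\$(\w+)|\$\{([^}]+)\}")


def suspicious_env_names(env):
    """Names that look like they carry credentials (high recall, some noise)."""
    return sorted(k for k in env if any(m in k.upper() for m in SECRET_MARKERS))


def child_env_vulnerable(env):
    """Pattern from CVE-2026-45370: hand the child a full copy of the environment."""
    return dict(env)


def child_env_hardened(env, allow=CHILD_ALLOWLIST):
    """Pass only allowlisted variables; secrets never reach the child."""
    return {k: env[k] for k in allow if k in env}


def names_seen_by_child(env):
    """Spawn a real child with `env` and return the variable names it can read.
    Whatever is in `env` is visible to any code that child runs."""
    out = subprocess.run(
        [sys.executable, "-c",
         "import os, json; print(json.dumps(sorted(os.environ)))"],
        env=env, capture_output=True, text=True, check=True,
    )
    return json.loads(out.stdout)


def expand_args_vulnerable(args, env):
    """Pattern from CVE-2026-40153: expanding $VAR / ${VAR} in caller-controlled
    arguments. Same behaviour as os.path.expandvars(), but reads `env` rather
    than os.environ so the example does not depend on the host."""
    def sub(m):
        name = m.group(1) or m.group(2)
        return env.get(name, m.group(0))
    return [_VAR_RE.sub(sub, a) for a in args]


def expand_args_hardened(args, env=None):
    """With shell=False there is nothing to expand: pass arguments verbatim."""
    return list(args)


def parse_environ_blob(blob):
    """Parse the NUL-separated format of /proc/<pid>/environ (Linux). That file
    is readable by the process owner and by root, so a secret in the
    environment is at best as protected as the uid running the service."""
    env = {}
    for entry in blob.split(b"\0"):
        if not entry:
            continue
        k, _, v = entry.partition(b"=")
        env[k.decode(errors="replace")] = v.decode(errors="replace")
    return env


def audit_process(pid="self"):
    """Report credential-looking names in a live process environment (Linux only)."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        return suspicious_env_names(parse_environ_blob(f.read()))


if __name__ == "__main__":
    print("secrets in parent env:", suspicious_env_names(SAMPLE_ENV))
    print("child (vulnerable) sees:", names_seen_by_child(child_env_vulnerable(SAMPLE_ENV)))
    print("child (hardened) sees:", names_seen_by_child(child_env_hardened(SAMPLE_ENV)))
    print("expanded argument:", expand_args_vulnerable(["--id", "$AZURE_CLIENT_SECRET"], SAMPLE_ENV))
```

Run it as a script to watch the child process report `AZURE_CLIENT_SECRET` under the vulnerable spawn and only the allowlisted names under the hardened one. `audit_process()` is the check to run against a suspect service pid on a Linux host; the allowlist approach is the fix, and moving secrets out of the environment altogether (a file readable only by the service user, or a secrets manager queried at startup) is the stronger one.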