VYPR

CWE-922

Insecure Storage of Sensitive Information

Class | Incomplete

Description

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (144)

page 8 of 8
  • CVE-2022-0724 (Feb 23, 2022)
    risk 0.00 | cvss | epss 0.01

    Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2021-36786 (Aug 13, 2021)
    risk 0.00 | cvss | epss 0.01

    The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.

  • CVE-2021-38599 (Aug 12, 2021)
    risk 0.00 | cvss | epss 0.01

    WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user…

  • CVE-2020-29603 (Jan 29, 2021)
    risk 0.00 | cvss | epss 0.01

    In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.