CWE-922
Insecure Storage of Sensitive Information
Description
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
CVEs mapped to this weakness (144)
Page 8 of 8

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-0724 | 0.00 | — | 0.01 | Feb 23, 2022 | Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. |
| CVE-2021-36786 | 0.00 | — | 0.01 | Aug 13, 2021 | The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. |
| CVE-2021-38599 | 0.00 | — | 0.01 | Aug 12, 2021 | WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user… |
| CVE-2020-29603 | 0.00 | — | 0.01 | Jan 29, 2021 | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them. |