CVE-2024-31493

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-212
View all →

Vulnerability Description

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

Related Vulnerabilities

CVE-2020-14301

MEDIUM
CVSS:6.5(Medium)

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows ...

CWE-2122020

CVE-2020-26965

MEDIUM
CVSS:6.5(Medium)

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers...

CWE-2122020

CVE-2021-26341

MEDIUM
CVSS:6.5(Medium)

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

CWE-2122021

CVE-2022-25187

MEDIUM
CVSS:6.5(Medium)

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

CWE-2122022

CVE-2022-29900

MEDIUM
CVSS:6.5(Medium)

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CWE-2122022

CVE-2024-56353

MEDIUM
CVSS:6.5(Medium)

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

CWE-2122024