CVE-2024-1272 - Vulnerability Details - OpenCVE

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tnbmobil	Cockpit

Configuration 1 [-]

cpe:2.3:a:tnbmobil:cockpit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-24-0601

History

No history.

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-06-05T08:28:39.699Z

Updated: 2024-08-01T18:33:25.218Z

Reserved: 2024-02-06T12:32:59.239Z

Link: CVE-2024-1272

Vulnrichment

Updated: 2024-08-01T18:33:25.218Z

NVD

Status : Modified

Published: 2024-06-05T09:15:09.620

Modified: 2024-11-21T08:50:12.417

Link: CVE-2024-1272

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1272", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-02-06T12:32:59.239Z", "datePublished": "2024-06-05T08:28:39.699Z", "dateUpdated": "2024-08-01T18:33:25.218Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cockpit Software", "vendor": "TNB Mobile Solutions", "versions": [{"lessThan": "v0.251.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.<p>This issue affects Cockpit Software: before v0.251.1.</p>"}], "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-540", "description": "CWE-540 Inclusion of Sensitive Information in Source Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-06-05T08:28:39.699Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}], "source": {"advisory": "TR-24-0601", "defect": ["TR-24-0601"], "discovery": "UNKNOWN"}, "title": "Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "tnb_mobile_solutions", "product": "cockpit_software", "cpes": ["cpe:2.3:a:tnb_mobile_solutions:cockpit_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "0.251.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T13:27:38.217095Z", "id": "CVE-2024-1272", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T13:39:37.510Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.218Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.218Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1272", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-05T13:27:38.217095Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tnb_mobile_solutions:cockpit_software:*:*:*:*:*:*:*:*"], "vendor": "tnb_mobile_solutions", "product": "cockpit_software", "versions": [{"status": "affected", "version": "0", "lessThan": "0.251.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T13:39:15.352Z"}}], "cna": {"title": "Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software", "source": {"defect": ["TR-24-0601"], "advisory": "TR-24-0601", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TNB Mobile Solutions", "product": "Cockpit Software", "versions": [{"status": "affected", "version": "0", "lessThan": "v0.251.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.", "supportingMedia": [{"type": "text/html", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.<p>This issue affects Cockpit Software: before v0.251.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-540", "description": "CWE-540 Inclusion of Sensitive Information in Source Code"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-06-05T08:28:39.699Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1272", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:33:25.218Z", "dateReserved": "2024-02-06T12:32:59.239Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2024-06-05T08:28:39.699Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tnbmobil:cockpit:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD0B9EF1-1C4D-4A5F-AB09-943514CDDBAB", "versionEndExcluding": "0.251.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1."}, {"lang": "es", "value": "La inclusi\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del c\u00f3digo fuente en TNB Mobile Solutions Cockpit Software permite recuperar datos confidenciales incrustados. Este problema afecta a Cockpit Software: anterior a v0.251.1."}], "id": "CVE-2024-1272", "lastModified": "2024-11-21T08:50:12.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-05T09:15:09.620", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-540"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}