An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge/SA-2023047 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Aug 2023, 21:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:insyde:insydeh2o:05.37.19:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.45.19:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.53.19:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.28.19:*:*:*:*:*:*:* |
cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:5.4:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:5.1:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:5.5:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:5.3:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:5.0:*:*:*:*:*:*:* |
22 Aug 2023, 17:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Insyde insydeh2o
Insyde |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:insyde:insydeh2o:05.45.19:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.37.19:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.60.20:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.28.19:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.53.19:*:*:*:*:*:*:* |
|
CWE | CWE-312 | |
References | (MISC) https://www.insyde.com/security-pledge/SA-2023047 - Vendor Advisory |
14 Aug 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-14 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-31041
Mitre link : CVE-2023-31041
CVE.ORG link : CVE-2023-31041
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-312
Cleartext Storage of Sensitive Information