CVE-2024-1272 - Vulnerability Details - OpenCVE

ReportizFlow

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Tnb Mobile Solutions	Cockpit Software
Tnbmobil	Cockpit

Configuration 1 [-]

cpe:2.3:a:tnbmobil:cockpit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-24-0601

History

Fri, 12 Sep 2025 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tnb Mobile Solutions Tnb Mobile Solutions cockpit Software
CPEs		cpe:2.3:a:tnb_mobile_solutions:cockpit_software::::::::
Vendors & Products		Tnb Mobile Solutions Tnb Mobile Solutions cockpit Software
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 12 Sep 2025 06:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00157}`	epss `{'score': 0.0012}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-06-05T08:28:39.699Z

Updated: 2025-09-12T06:34:11.641Z

Reserved: 2024-02-06T12:32:59.239Z

Link: CVE-2024-1272

Vulnrichment

Updated: 2024-08-01T18:33:25.218Z

NVD

Status : Modified

Published: 2024-06-05T09:15:09.620

Modified: 2025-09-12T07:15:33.557

Link: CVE-2024-1272

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1272", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2024-02-06T12:32:59.239Z", "datePublished": "2024-06-05T08:28:39.699Z", "dateUpdated": "2025-09-12T06:34:11.641Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cockpit Software", "vendor": "TNB Mobile Solutions", "versions": [{"lessThan": "v0.251.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.<p>This issue affects Cockpit Software: before v0.251.1.</p>"}], "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-540", "description": "CWE-540 Inclusion of Sensitive Information in Source Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-09-12T06:34:11.641Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}], "source": {"advisory": "TR-24-0601", "defect": ["TR-24-0601"], "discovery": "UNKNOWN"}, "title": "Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "tnb_mobile_solutions", "product": "cockpit_software", "cpes": ["cpe:2.3:a:tnb_mobile_solutions:cockpit_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "0.251.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T13:27:38.217095Z", "id": "CVE-2024-1272", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T13:39:37.510Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.218Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.218Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1272", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-05T13:27:38.217095Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tnb_mobile_solutions:cockpit_software:*:*:*:*:*:*:*:*"], "vendor": "tnb_mobile_solutions", "product": "cockpit_software", "versions": [{"status": "affected", "version": "0", "lessThan": "0.251.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T13:39:15.352Z"}}], "cna": {"title": "Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software", "source": {"defect": ["TR-24-0601"], "advisory": "TR-24-0601", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TNB Mobile Solutions", "product": "Cockpit Software", "versions": [{"status": "affected", "version": "0", "lessThan": "v0.251.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.", "supportingMedia": [{"type": "text/html", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.<p>This issue affects Cockpit Software: before v0.251.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-540", "description": "CWE-540 Inclusion of Sensitive Information in Source Code"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-09-12T06:34:11.641Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1272", "state": "PUBLISHED", "dateUpdated": "2025-09-12T06:34:11.641Z", "dateReserved": "2024-02-06T12:32:59.239Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2024-06-05T08:28:39.699Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tnbmobil:cockpit:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD0B9EF1-1C4D-4A5F-AB09-943514CDDBAB", "versionEndExcluding": "0.251.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1."}, {"lang": "es", "value": "La inclusi\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del c\u00f3digo fuente en TNB Mobile Solutions Cockpit Software permite recuperar datos confidenciales incrustados. Este problema afecta a Cockpit Software: anterior a v0.251.1."}], "id": "CVE-2024-1272", "lastModified": "2025-09-12T07:15:33.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-06-05T09:15:09.620", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-24-0601"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-540"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}