CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 30 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11976 | — | Hig | 0.49 | 7.5 | 0.04 | Aug 11, 2020 | By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and… | |
| CVE-2020-9591 | Hig | 0.49 | 7.5 | 0.03 | Jun 26, 2020 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | ||
| CVE-2020-13764 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 2, 2020 | common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | |
| CVE-2020-10591 | — | Hig | 0.49 | 7.5 | 0.02 | Mar 15, 2020 | An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and… | |
| CVE-2012-1094 | — | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2020 | JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | |
| CVE-2020-1940 | Hig | 0.49 | 7.5 | 0.05 | Jan 28, 2020 | The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials… | ||
| CVE-2019-6852 | — | Hig | 0.49 | 7.5 | 0.01 | Nov 20, 2019 | A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the… | |
| CVE-2019-0202 | Hig | 0.49 | 7.5 | 0.02 | Jul 26, 2019 | The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these… | ||
| CVE-2019-12474 | — | Hig | 0.49 | 7.5 | 0.02 | Jul 10, 2019 | Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |
| CVE-2011-3147 | Hig | 0.49 | 8.6 | 0.01 | Apr 22, 2019 | Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | ||
| CVE-2018-1296 | — | Hig | 0.49 | 7.5 | 0.03 | Feb 7, 2019 | In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | |
| CVE-2017-15031 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2018 | In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | ||
| CVE-2014-10076 | Hig | 0.49 | 7.5 | 0.02 | Oct 5, 2018 | The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. | ||
| CVE-2015-9269 | Hig | 0.49 | 7.5 | 0.03 | Oct 1, 2018 | The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format. | ||
| CVE-2018-17781 | Hig | 0.49 | 7.5 | 0.02 | Sep 29, 2018 | Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. | ||
| CVE-2018-17555 | Hig | 0.49 | 7.5 | 0.02 | Sep 26, 2018 | The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | ||
| CVE-2018-15967 | Hig | 0.49 | 7.5 | 0.08 | Sep 25, 2018 | Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-15964 | Hig | 0.49 | 7.5 | 0.08 | Sep 25, 2018 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-14730 | — | Hig | 0.49 | 7.5 | 0.02 | Sep 21, 2018 | An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a… | |
| CVE-2018-16948 | Hig | 0.49 | 7.5 | 0.02 | Sep 12, 2018 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx… |
- risk 0.49cvss 7.5epss 0.04
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and…
- risk 0.49cvss 7.5epss 0.03
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.
- risk 0.49cvss 7.5epss 0.02
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and…
- risk 0.49cvss 7.5epss 0.01
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
- risk 0.49cvss 7.5epss 0.05
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials…
- risk 0.49cvss 7.5epss 0.01
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the…
- risk 0.49cvss 7.5epss 0.02
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these…
- risk 0.49cvss 7.5epss 0.02
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
- risk 0.49cvss 8.6epss 0.01
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
- risk 0.49cvss 7.5epss 0.03
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
- risk 0.49cvss 7.5epss 0.02
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
- risk 0.49cvss 7.5epss 0.02
The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.
- risk 0.49cvss 7.5epss 0.03
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.
- risk 0.49cvss 7.5epss 0.02
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
- risk 0.49cvss 7.5epss 0.02
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
- risk 0.49cvss 7.5epss 0.08
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.08
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx…