CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 34 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16079 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16078 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16077 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16076 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16075 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16074 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16073 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16072 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16071 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16070 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16069 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16068 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16067 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16066 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16065 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16064 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16063 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16060 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16059 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16058 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
- risk 0.49cvss 7.5epss 0.01
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.