CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 35 of 366

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16057 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16056 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16055 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16054 | — | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16053 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16052 | — | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16051 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16050 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16049 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16048 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16045 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16044 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2016-10519 | — | High | 0.49 | 7.5 | 0.02 | | May 31, 2018 | A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. |
| CVE-2017-16062 | — | High | 0.49 | 7.5 | 0.01 | | May 29, 2018 | node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16061 | — | High | 0.49 | 7.5 | 0.01 | | May 29, 2018 | tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16047 | | High | 0.49 | 7.5 | 0.01 | | May 29, 2018 | mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2018-10652 | | High | 0.49 | 7.5 | 0.01 | | May 23, 2018 | There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. |
| CVE-2018-4925 | | High | 0.49 | 7.5 | 0.04 | | May 19, 2018 | Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2018-5256 | | High | 0.49 | 7.5 | 0.02 | | May 18, 2018 | CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server.… |
| CVE-2018-1438 | | High | 0.49 | 7.5 | 0.02 | | May 17, 2018 | IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on… |