CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 70 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24408 | Med | 0.42 | 6.5 | 0.01 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information.… | ||
| CVE-2025-21620 | Hig | 0.42 | 7.5 | 0.01 | Jan 6, 2025 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that… | ||
| CVE-2024-54151 | Hig | 0.42 | 7.5 | 0.01 | Dec 9, 2024 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported… | ||
| CVE-2024-53862 | Hig | 0.42 | 7.5 | 0.01 | Dec 2, 2024 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint:… | ||
| CVE-2024-53859 | — | Med | 0.42 | 6.5 | 0.01 | Nov 27, 2024 | go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh`… | |
| CVE-2024-52506 | Med | 0.42 | 6.5 | 0.01 | Nov 18, 2024 | Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This… | ||
| CVE-2024-22032 | Med | 0.42 | 6.5 | 0.00 | Oct 16, 2024 | A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project… | ||
| CVE-2024-47197 | — | Hig | 0.42 | 7.5 | 0.01 | Sep 26, 2024 | Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the… | |
| CVE-2024-8969 | Med | 0.42 | 6.5 | 0.00 | Sep 18, 2024 | OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators. | ||
| CVE-2024-45391 | — | Hig | 0.42 | 7.5 | 0.00 | Sep 3, 2024 | Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled… | |
| CVE-2024-41672 | Hig | 0.42 | 7.5 | 0.01 | Jul 24, 2024 | DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to… | ||
| CVE-2024-39676 | — | Hig | 0.42 | 7.5 | 0.01 | Jul 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to… | |
| CVE-2024-39896 | Hig | 0.42 | 7.5 | 0.01 | Jul 8, 2024 | Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in… | ||
| CVE-2024-35691 | Med | 0.42 | 6.5 | 0.00 | Jun 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0. | ||
| CVE-2024-35178 | Hig | 0.42 | 7.5 | 0.01 | Jun 6, 2024 | The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain… | ||
| CVE-2024-4540 | Hig | 0.42 | 7.5 | 0.01 | Jun 3, 2024 | A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly… | ||
| CVE-2024-34004 | Med | 0.42 | 6.5 | 0.00 | May 31, 2024 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | ||
| CVE-2021-44534 | — | Med | 0.42 | 6.5 | 0.01 | May 31, 2024 | Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. | |
| CVE-2024-35189 | Med | 0.42 | 6.5 | 0.01 | May 30, 2024 | Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain sensitive data (e.g. passwords, private keys, etc.). These `secrets` are stored… | ||
| CVE-2024-1968 | Hig | 0.42 | 7.5 | 0.01 | May 20, 2024 | In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization… |
- risk 0.42cvss 6.5epss 0.01
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information.…
- risk 0.42cvss 7.5epss 0.01
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that…
- risk 0.42cvss 7.5epss 0.01
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported…
- risk 0.42cvss 7.5epss 0.01
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint:…
- risk 0.42cvss 6.5epss 0.01
go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh`…
- risk 0.42cvss 6.5epss 0.01
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This…
- risk 0.42cvss 6.5epss 0.00
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project…
- risk 0.42cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the…
- risk 0.42cvss 6.5epss 0.00
OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators.
- risk 0.42cvss 7.5epss 0.00
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled…
- risk 0.42cvss 7.5epss 0.01
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to…
- risk 0.42cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to…
- risk 0.42cvss 7.5epss 0.01
Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in…
- risk 0.42cvss 6.5epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0.
- risk 0.42cvss 7.5epss 0.01
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain…
- risk 0.42cvss 7.5epss 0.01
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly…
- risk 0.42cvss 6.5epss 0.00
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
- risk 0.42cvss 6.5epss 0.01
Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.
- risk 0.42cvss 6.5epss 0.01
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain sensitive data (e.g. passwords, private keys, etc.). These `secrets` are stored…
- risk 0.42cvss 7.5epss 0.01
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization…