VYPR

CWE-209

Generation of Error Message Containing Sensitive Information

BaseDraftLikelihood: High

Description

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-215 · CAPEC-463 · CAPEC-54 · CAPEC-7

CVEs mapped to this weakness (189)

page 8 of 10
  • CVE-2023-31286Apr 27, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.

  • CVE-2023-29193Apr 14, 2023
    risk 0.00cvss epss 0.01

    SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by…

  • CVE-2023-28117Mar 22, 2023
    risk 0.00cvss epss 0.01

    Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to…

  • CVE-2023-25695Mar 15, 2023
    risk 0.00cvss epss 0.01

    Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.

  • CVE-2023-26052Mar 2, 2023
    risk 0.00cvss epss 0.01

    Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in…

  • CVE-2023-26051Mar 2, 2023
    risk 0.00cvss epss 0.01

    Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in…

  • CVE-2023-25956Feb 24, 2023
    risk 0.00cvss epss 0.01

    Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.

  • CVE-2023-22626Jan 5, 2023
    risk 0.00cvss epss 0.01

    PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)

  • CVE-2015-10012Jan 3, 2023
    risk 0.00cvss epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to…

  • CVE-2022-39304Dec 20, 2022
    risk 0.00cvss epss 0.00

    ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for…

  • CVE-2022-39307Nov 9, 2022
    risk 0.00cvss epss 0.01

    Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not…

  • CVE-2022-39315Oct 25, 2022
    risk 0.00cvss epss 0.01

    Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks…

  • CVE-2021-3513Aug 22, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.

  • CVE-2022-31189Aug 1, 2022
    risk 0.00cvss epss 0.01

    DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in…

  • CVE-2022-31140Jul 11, 2022
    risk 0.00cvss epss 0.01

    Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL…

  • CVE-2022-31124Jul 6, 2022
    risk 0.00cvss epss 0.01

    openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field…

  • CVE-2022-31098Jun 27, 2022
    risk 0.00cvss epss 0.01

    Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka…

  • CVE-2022-31047Jun 14, 2022
    risk 0.00cvss epss 0.01

    TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete…

  • CVE-2022-2062Jun 13, 2022
    risk 0.00cvss epss 0.01

    Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.

  • CVE-2022-31023Jun 2, 2022
    risk 0.00cvss epss 0.01

    Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play…