VYPR

CWE-209

Generation of Error Message Containing Sensitive Information

Abstraction: Base · Status: Draft · Likelihood of exploit: High

Description

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-215 · CAPEC-463 · CAPEC-54 · CAPEC-7

CVEs mapped to this weakness (189)

page 9 of 10
  • CVE-2022-23794 (Mar 30, 2022)
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.

  • CVE-2022-24731 (Mar 23, 2022)
    risk 0.00 · cvss · epss 0.01

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files…

  • CVE-2021-3620 (Mar 3, 2022)
    risk 0.00 · cvss · epss 0.00

    A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

  • CVE-2022-0660 (Feb 18, 2022)
    risk 0.00 · cvss · epss 0.07

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0622 (Feb 17, 2022)
    risk 0.00 · cvss · epss 0.01

    Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.

  • CVE-2022-0504 (Feb 8, 2022)
    risk 0.00 · cvss · epss 0.01

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-0083 (Jan 4, 2022)
    risk 0.00 · cvss · epss 0.01

    livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information.

  • CVE-2022-0079 (Jan 3, 2022)
    risk 0.00 · cvss · epss 0.01

    showdoc is vulnerable to Generation of Error Message Containing Sensitive Information.

  • CVE-2021-32712 (Jun 24, 2021)
    risk 0.00 · cvss · epss 0.01

    Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download…

  • CVE-2021-22885 (May 27, 2021)
    risk 0.00 · cvss · epss 0.04

    A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.

  • CVE-2021-29040 (May 16, 2021)
    risk 0.00 · cvss · epss 0.01

    The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch…

  • CVE-2021-21421 (Apr 1, 2021)
    risk 0.00 · cvss · epss 0.01

    node-etsy-client is a NodeJs Etsy ReST API Client. Applications that use node-etsy-client and report client errors to the end user will also expose the API key value. This is fixed in node-etsy-client v0.3.0 and later.

  • CVE-2021-21416 (Apr 1, 2021)
    risk 0.00 · cvss · epss 0.00

    django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not…

  • CVE-2021-20289 (Mar 26, 2021)
    risk 0.00 · cvss · epss 0.01

    A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's…

  • CVE-2020-1717 (Feb 11, 2021)
    risk 0.00 · cvss · epss 0.01

    A flaw was found in Keycloak 7.0.1. A logged-in user can perform an account email enumeration attack.

  • CVE-2020-25640 (Nov 24, 2020)
    risk 0.00 · cvss · epss 0.01

    A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain text JMS password at warning level on connection error, inserting sensitive information into the log file.

  • CVE-2020-25633 (Sep 18, 2020)
    risk 0.00 · cvss · epss 0.01

    A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this…

  • CVE-2020-15132 (Aug 5, 2020)
    risk 0.00 · cvss · epss 0.01

    In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with an error message…

  • CVE-2020-15125 (Jul 29, 2020)
    risk 0.00 · cvss · epss 0.02

    In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged…

  • CVE-2020-13997 (Jul 28, 2020)
    risk 0.00 · cvss · epss 0.01

    In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.