CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
Base · Incomplete
Description
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-464 · CAPEC-467 · CAPEC-498 · CAPEC-508
CVEs mapped to this weakness (103)
Page 6 of 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0155 | | — | 0.00 | — | 0.02 | | Jan 10, 2022 | follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2021-3980 | | | 0.00 | — | 0.02 | | Dec 3, 2021 | elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor |
| CVE-2016-11066 | | — | 0.00 | — | 0.01 | | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. |