CWE-612
Improper Authorization of Index Containing Sensitive Information
Description
The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25605 | | High | 0.49 | 7.5 | 0.00 | | Mar 22, 2026 | EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password… |
| CVE-2025-57756 | | | 0.00 | — | 0.00 | | Aug 28, 2025 | Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56,… |
| CVE-2022-41918 | | — | 0.00 | — | 0.00 | | Nov 15, 2022 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices… |
| CVE-2022-35980 | | — | 0.00 | — | 0.01 | | Aug 12, 2022 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access… |