CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-45143 LOW
Undici < 5.26.2 - Cookie Header Leakage on Cross-Origin Redirects
CVSS 3.9
CVE-2023-44187 MEDIUM
Junos OS Evolved Sensitive Information Exposure via 'file copy' Command
CVSS 5.9
CVE-2023-41881 LOW
vantage6 < 4.0.0 - Authenticated Exposure of Sensitive Information via Collaboration ID Reuse
CVSS 3.7
CVE-2023-44097 HIGH
HarmonyOS - Unauthorized Exposure of Device Serial Numbers
CVSS 7.5
CVE-2023-44093 HIGH
Package Security Module - Info Disclosure
CVSS 7.5
CVE-2023-29348 HIGH
Windows Remote Desktop Gateway RD Gateway - Info Disclosure
CVSS 7.5
CVE-2023-37939 LOW
FortiClient 6.2.0-6.2.8, 6.4, 7.0, 7.2.0-7.2.1 - Sensitive Information Exposure via Malware Scan Exclusion List
CVSS 3.3
CVE-2023-30804 MEDIUM
Sangfor Next-Gen Application Firewall NGAF8.0.17 - Authenticated Arbitrary File Read via svpn_html/loadfile.php
CVSS 4.9
CVE-2023-45219 MEDIUM
F5 BIG-IP 13.1.0-13.1.5 - Authenticated Sensitive Information Exposure via Undisclosed tmsh Command
CVSS 4.4
CVE-2023-43804 MEDIUM
urllib3 <1.26.17, <2.0.5 - Info Disclosure
CVSS 5.9
CVE-2023-3361 HIGH
Red Hat OpenShift Data Science - Info Disclosure
CVSS 7.7
CVE-2023-1584 HIGH
Quarkus < 2.13.8 and quarkus-oidc < 2.13.0.Final - Exposure of Sensitive Information via Insecure HTTP Protocol
CVSS 7.5
CVE-2023-4886 MEDIUM
Foreman < 3.8.0 - Sensitive Information Exposure via World-Readable Tomcat server.xml
CVSS 6.7
CVE-2023-3349 HIGH
IBERMATICA RPS 2019 - Info Disclosure
CVSS 8.2
CVE-2023-5160 MEDIUM
Mattermost 7.0.0-7.8.10 - Unauthorized Exposure of Full Names via Team Members Endpoint
CVSS 4.3
CVE-2023-5256 HIGH
Drupal 8.7.0-9.5.10 - Unauthenticated Sensitive Information Exposure via JSON:API Error Backtrace
CVSS 7.5
CVE-2023-42820 HIGH
JumpServer 2.24.0-2.28.18 - Exposure of Sensitive Information via Random Seed in API
CVSS 7.0
CVE-2023-41323 MEDIUM
GLPI >= 0.68 < 10.0.10 - Unauthenticated User Login Enumeration
CVSS 5.3
CVE-2023-41321 MEDIUM
GLPI 9.1.1-10.0.9 - Exposure of Sensitive Information via API Resource Enumeration
CVSS 4.9
CVE-2023-40049 MEDIUM
WS_FTP Server < 8.8.2 - Unauthenticated Sensitive Information Exposure via WebServiceHost Directory Listing
CVSS 5.3
CVE-2023-23958 MEDIUM
Symantec Protection Engine <9.1.0 - Info Disclosure
CVSS 6.8
CVE-2023-5166 HIGH
Docker Desktop <4.23.0 - Info Disclosure
CVSS 8.0
CVE-2023-41293 HIGH
Huawei EMUI and HarmonyOS - Data Security Classification Vulnerability in DDMP Module
CVSS 7.5
CVE-2023-1633 MEDIUM
OpenStack Barbican - Info Disclosure
CVSS 6.6
CVE-2023-5134 MEDIUM
Easy Registration Forms <2.1.1 - Info Disclosure
CVSS 4.3