CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-38344 MEDIUM
Ivanti Endpoint Manager <2022 SU4 - Info Disclosure
CVSS 6.5
CVE-2023-39677 HIGH
Simpleimportproduct - Information Disclosure
CVSS 7.5
CVE-2023-39052 MEDIUM
Earthgarden_waiting <13.6.1 - Info Disclosure
CVSS 6.5
CVE-2023-39045 MEDIUM
Kokoroe Members <13.6.1 - Info Disclosure
CVSS 6.5
CVE-2023-38718 LOW
IBM Robotic Process Automation <21.0.7.8 - Info Disclosure
CVSS 3.7
CVE-2023-40368 MEDIUM
IBM Storage Protect 8.1.0.0-8.1.19.0 - Sensitive Information Exposure via CLI
CVSS 4.4
CVE-2023-43617 MEDIUM
schollz/croc < 9.6.5 - Exposure of Sensitive Information via Room Name Composition
CVSS 5.3
CVE-2023-42454 CRITICAL
SQLpage < 0.11.1 - Unauthorized Database Connection Information Exposure via Configuration File
CVSS 10.0
CVE-2023-42387 HIGH
TDSQL Chitu 10.3.19.5.0 - Exposure of Sensitive Information via get_db_info Function
CVSS 7.5
CVE-2023-37263 MEDIUM
Strapi < 4.12.1 - Uncontrolled Resource Consumption via Field Level Permissions Bypass
CVSS 6.8
CVE-2023-36472 MEDIUM
Strapi < 4.11.7 - Unauthorized Access to Sensitive Information via Content Manager Relations Endpoint
CVSS 5.8
CVE-2023-36551 MEDIUM
Fortinet FortiSIEM <6.7.5 - Info Disclosure
CVSS 4.3
CVE-2023-4917 MEDIUM
Leyka plugin for WordPress <3.30.3 - Info Disclosure
CVSS 5.3
CVE-2023-36763 HIGH
Microsoft Outlook - Info Disclosure
CVSS 7.5
CVE-2023-40712 MEDIUM
Apache Airflow <2.7.1 - Info Disclosure
CVSS 6.5
CVE-2023-4877 HIGH
GitHub hamza417/inure <build92 - Info Disclosure
CVSS 7.5
CVE-2023-4876 HIGH
GitHub hamza417/inure <build92 - Info Disclosure
CVSS 7.5
CVE-2023-28010 MEDIUM
HCL Domino - Unauthorized Sensitive Information Exposure via Server Hostname
CVSS 4.0
CVE-2023-39620 HIGH
Buffalo TeraStation NAS TS5410R 5.00-0.07 - Unauthenticated Sensitive Information Exposure via Guest Account
CVSS 7.5
CVE-2023-40029 CRITICAL
Argo CD 2.2.0-2.6.15 - Sensitive Information Exposure via kubectl.kubernetes.io/last-applied-configuration Annotation
CVSS 9.9
CVE-2023-41050 MEDIUM
AccessControl < 4.4 - Exposure of Sensitive Information via str.format_map
CVSS 6.8
CVE-2023-32271 MEDIUM
OAS Platform 18.00.0072 - Exposure of Sensitive Information via Configuration Management
CVSS 6.5
CVE-2023-4714 MEDIUM
PlayTube 3.0.1 - Information Disclosure via Redirect Handler
CVSS 4.3
CVE-2023-23763 MEDIUM
GitHub Enterprise Server 3.6.0-3.6.17 - Unauthorized Read Access via Fork Visibility Change
CVSS 5.3
CVE-2023-41749 HIGH
Acronis Agent < 32047 and Cyber Protect 15 < 35979 - Sensitive Information Exposure via Excessive System Data Collection
CVSS 7.5