CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-36894 MEDIUM
Microsoft SharePoint Server - Info Disclosure
CVSS 6.5
CVE-2023-4177 LOW
EmpowerID < 7.205.0.0 - Information Disclosure in Multi-Factor Authentication Code Handler
CVSS 2.6
CVE-2023-4168 MEDIUM
Templatecookie Adlisting 2.14.0 - Information Disclosure in Redirect Handler
CVSS 4.3
CVE-2023-39508 HIGH
Apache Airflow < 2.6.0 - Authenticated Privilege Escalation and DAG Access Bypass via Run Task Feature
CVSS 8.8
CVE-2023-38700 LOW
Matrix App Service IRC <1.0.1 - Info Disclosure
CVSS 3.5
CVE-2023-38494 MEDIUM
MeterSphere <2.10.4 LTS - Info Disclosure
CVSS 5.9
CVE-2023-4139 HIGH
WP Ultimate CSV Importer <7.9.8 - Info Disclosure
CVSS 7.5
CVE-2023-26441 MEDIUM
open-xchange_appsuite_office < 8.11 - Path Traversal in Cacheservice
CVSS 5.7
CVE-2023-31927 MEDIUM
Brocade Fabric OS <9.2.0-9.1.1c - Info Disclosure
CVSS 5.3
CVE-2023-38685 MEDIUM
Discourse <3.0.6-3.1.0.beta7 - Info Disclosure
CVSS 4.3
CVE-2023-28203 MEDIUM
Apple Music < 4.2.0 - Unauthorized Contact Data Access
CVSS 5.5
CVE-2023-38503 MEDIUM
Directus 10.3.0-10.5.0 - Unauthorized Data Exposure via GraphQL Subscription Permission Bypass
CVSS 5.7
CVE-2023-38499 LOW
TYPO3 <9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 - Info Disclosure
CVSS 3.7
CVE-2023-34235 HIGH
Strapi < 4.10.8 - Exposure of Sensitive Information via Knex Query Prefix Manipulation
CVSS 8.6
CVE-2023-34093 MEDIUM
Strapi < 4.10.8 - Unauthenticated Exposure of Sensitive Information via Content-Type Attribute Handling
CVSS 4.8
CVE-2023-37916 MEDIUM
KubePi < 1.6.5 - Unauthenticated Password Hash Exposure via User Search Endpoint
CVSS 6.5
CVE-2023-3819 MEDIUM
pimcore < 10.6.4 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 6.5
CVE-2023-32476 MEDIUM
Dell Hybrid Client 2.0 - Unauthenticated Exposure of Sensitive Information via Hardcoded Secrets in JavaScript Files
CVSS 6.4
CVE-2023-3779 MEDIUM
Essential Addons For Elementor <5.8.1 - Info Disclosure
CVSS 5.3
CVE-2023-27877 MEDIUM
IBM Cloud Pak for Data 4.0 - Improper Authentication to CouchDB Server
CVSS 5.3
CVE-2023-26026 MEDIUM
Planning Analytics Cartridge - Info Disclosure
CVSS 5.3
CVE-2023-35900 MEDIUM
IBM Robotic Process Automation < 21.0.7.4 - Information Disclosure via Server Version Exposure
CVSS 4.3
CVE-2023-35898 MEDIUM
IBM InfoSphere Information Server 11.7 - Info Disclosure
CVSS 4.3
CVE-2023-3709 MEDIUM
Royal Elementor Addons <1.3.70 - Info Disclosure
CVSS 5.3
CVE-2023-33857 MEDIUM
IBM InfoSphere Information Server 11.7 - Info Disclosure
CVSS 5.3