CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-34236 HIGH
Weave GitOps Terraform Controller < 0.14.4 - Authenticated Sensitive Information Exposure via tf-runner Logs
CVSS 8.5
CVE-2023-29450 HIGH
Zabbix < 5.0.33 - Unauthorized File System Access via JavaScript Pre-processing
CVSS 8.5
CVE-2023-34134 MEDIUM
SonicWall GMS & Analytics <9.3.2-SP1 - Info Disclosure
CVSS 6.5
CVE-2023-34131 MEDIUM
SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Info Disclosure
CVSS 5.3
CVE-2023-38062 MEDIUM
JetBrains TeamCity < 2023.05.1 - Exposure of Sensitive Information via Composite Build Configuration
CVSS 4.3
CVE-2023-34090 HIGH
Decidim < 0.27.3 - Unauthenticated Sensitive Data Disclosure via Ransack Filtering
CVSS 7.5
CVE-2023-33174 MEDIUM
Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Cryptographic Information Disclosure
CVSS 5.5
CVE-2023-33165 MEDIUM
Microsoft SharePoint Server - Privilege Escalation
CVSS 4.3
CVE-2023-24881 MEDIUM
Microsoft Teams < 2.10.1 - Exposure of Sensitive Information
CVSS 6.5
CVE-2023-34442 LOW
Apache Camel 3.0.0-3.14.8, 3.18.0-3.18.7, 3.20.0-3.20.5, 4.0.0-M3 - Exposure of Sensitive Information
CVSS 3.3
CVE-2023-3553 HIGH
nilsteampassnet/teampass <3.0.10 - Info Disclosure
CVSS 7.5
CVE-2023-35934 MEDIUM
yt-dlp <2023.07.06 - Cookie Leakage via Download Redirects and Fragments
CVSS 6.1
CVE-2023-37239 HIGH
Huawei EMUI and HarmonyOS - Format String Vulnerability in Distributed File System
CVSS 7.5
CVE-2023-3455 CRITICAL
Huawei EMUI and HarmonyOS - Exposure of Sensitive Information via Key Management Vulnerability
CVSS 9.1
CVE-2023-21624 MEDIUM
Qualcomm FastConnect 6700 Firmware - Information Disclosure in DSP Services
CVSS 6.2
CVE-2023-36817 HIGH
tktchurch/website <0.1.0 - Info Disclosure
CVSS 7.5
CVE-2023-36539 MEDIUM
Zoom Meetings and Poly CCX Firmware - Information Disclosure
CVSS 5.3
CVE-2023-36476 HIGH
calamares-nixos-extensions <0.3.12 - Info Disclosure
CVSS 7.9
CVE-2023-21237 MEDIUM KEV
Android 13 - Local Information Disclosure via NotificationContentInflater
CVSS 5.5
CVE-2023-30993 MEDIUM
IBM Cloud Pak for Security <1.9.3 - Info Disclosure
CVSS 6.8
CVE-2023-28857 MEDIUM
Apereo CAS 6.5.0-6.5.9.1 & 6.6.0-6.6.5 - LDAP Credential Leak via X509 CRL Distribution Points
CVSS 4.0
CVE-2023-34098 MEDIUM
Shopware 5.6.0-5.7.17 - Exposure of Sensitive Information via .htaccess Misconfiguration
CVSS 5.3
CVE-2023-3132 MEDIUM
MainWP Child <4.4.1.1 - Info Disclosure
CVSS 5.9
CVE-2023-34466 MEDIUM
XWiki 5.0.1-14.4.7 - Unauthorized Information Disclosure via Tags API
CVSS 4.3
CVE-2023-2991 MEDIUM
Globalscape EFT Server 8.0.0.38-8.1.0.13 - Unauthenticated Exposure of Sensitive Information via Trial Extension Request
CVSS 5.3