CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-25500 LOW
Vaadin < 10.0.23 - Information Disclosure
CVSS 3.5
CVE-2023-25499 MEDIUM
Vaadin 10.0.0-24.1.0.beta1 - Information Disclosure via Non-Visible Component Rendering
CVSS 5.7
CVE-2023-35005 MEDIUM
Apache Airflow 2.5.0-2.6.1 - Exposure of Sensitive Information via Configuration UI
CVSS 6.5
CVE-2023-2792 MEDIUM
Mattermost 7.1.0-7.1.8 - Exposure of Sensitive Information via Ephemeral Error Messages
CVSS 6.5
CVE-2023-34242 LOW
Cilium < 1.13.4 - Unauthorized Exposure of Sensitive Information via ReferenceGrant Namespace Check Bypass
CVSS 3.4
CVE-2023-29287 MEDIUM
Adobe Commerce <2.4.6 - Info Disclosure
CVSS 5.3
CVE-2023-28175 HIGH
Bosch Video Management System 11.0-11.1.1 - Authenticated Internal Network Access via SSH Port Forwarding
CVSS 7.1
CVE-2023-25683 MEDIUM
IBM Powervm Hypervisor < fw950.71 - Information Disclosure
CVSS 5.9
CVE-2023-2820 MEDIUM
Proofpoint Threat Response <5.10.0 - Info Disclosure
CVSS 6.1
CVE-2023-33933 HIGH
Apache Traffic Server <9.2.0 - Info Disclosure
CVSS 7.5
CVE-2023-3231 LOW
ujcms < 6.0.2 - Information Disclosure via ZIP Package Handler
CVSS 3.1
CVE-2023-34250 MEDIUM
Discourse < 3.0.4 - Unauthorized Sensitive Information Exposure via New Topics Dismissal Endpoint
CVSS 4.8
CVE-2023-27465 MEDIUM
SIMOTION D425-2 DP/PN Firmware 5.4-5.5 - Unauthenticated Sensitive Information Exposure via Debugging Services
CVSS 4.6
CVE-2023-25912 MEDIUM
Danfoss AK-EM100 Firmware < 2.2.0.12 - Unauthenticated Exposure of Sensitive Information via Web Report Generation
CVSS 5.3
CVE-2023-22586 HIGH
Danfoss AK-EM100 Firmware < 2.2.0.12 - Local File Inclusion via File Parameter
CVSS 7.7
CVE-2023-32312 LOW
Umbraco Identity Extensibility < 2.0.0 - Exposure of Sensitive Information via Unsafe OAuth Flow
CVSS 3.7
CVE-2023-34243 MEDIUM
tgstation-server 4.0.0-5.12.4 - Unauthenticated Username Enumeration via Login Endpoint Brute Force
CVSS 5.8
CVE-2023-33848 MEDIUM
IBM TXSeries for Multiplatforms <11.1 - Info Disclosure
CVSS 4.9
CVE-2023-33956 MEDIUM
Kanboard < 1.2.30 - Insecure Direct Object Reference via file_id Parameter
CVSS 4.3
CVE-2023-3064 HIGH
Mobatime AMXGT100 <1.3.20 - Info Disclosure
CVSS 7.5
CVE-2023-34094 HIGH
ChuanghuChatGPT <20230526 - Info Disclosure
CVSS 7.5
CVE-2023-34092 HIGH
Vite <2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, 4.3.9 - Auth Bypass
CVSS 7.5
CVE-2023-33960 HIGH
OpenProject <12.5.6 - Info Disclosure
CVSS 7.5
CVE-2023-32710 MEDIUM
Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 & Splunk Cloud <9.0.2303.100 - Unauthorized Data Exposure
CVSS 4.8
CVE-2023-33979 MEDIUM
gpt_academic <3.37 - Info Disclosure
CVSS 6.5