CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-2749 HIGH
ASUSTOR Download Center < 1.1.5.r1298 - Unauthenticated Path Traversal and Arbitrary File Read
CVSS 8.6
CVE-2023-31185 HIGH
ROZCOM server framework - Info Disclosure
CVSS 7.5
CVE-2023-33955 MEDIUM
Minio Console < 0.28.0 - Filename Spoofing via Unicode Right-to-Left Override
CVSS 4.3
CVE-2023-28322 LOW
curl < 8.1.0 - Information Disclosure via Reused Handle PUT-to-POST Transition
CVSS 3.7
CVE-2023-32681 MEDIUM
Requests 2.3.0-2.31.0 - Proxy-Authorization Header Leak via HTTPS Redirect
CVSS 6.1
CVE-2023-2025 MEDIUM
OpenBlue Enterprise Manager Data Collector < 3.2.5.75 - Unauthorized Sensitive Information Exposure
CVSS 5.0
CVE-2023-29857 MEDIUM
Teslamate 1.27.1 - Exposure of Sensitive Information via Direct Link Access
CVSS 5.3
CVE-2023-27863 MEDIUM
IBM Spectrum Protect Plus Server 10.1.13 - Exposure of Sensitive Information via SMB Credentials
CVSS 4.4
CVE-2023-2514 MEDIUM
Mattermost < 7.1.7 - Sensitive Information Disclosure in Application Logs
CVSS 6.7
CVE-2023-28357 MEDIUM
Rocket.Chat < 6.0.0 - Authenticated Private Channel Member Enumeration via Slash Command /mute
CVSS 4.3
CVE-2023-32082 LOW
etcd < 3.4.26 - Unauthorized Key Name Exposure via LeaseTimeToLive API
CVSS 3.1
CVE-2023-27870 MEDIUM
IBM Spectrum Virtualize 8.5 - Sensitive Credential Exposure During Fix Central Download
CVSS 5.9
CVE-2023-29106 MEDIUM
SIMATIC Cloud Connect 7 - Info Disclosure
CVSS 5.3
CVE-2023-32113 HIGH
SAP GUI for Windows < 7.70 - Unauthenticated Exposure of NTLM Authentication Information via Shortcut File
CVSS 7.5
CVE-2023-31404 MEDIUM
SAP BusinessObjects <430 - Info Disclosure
CVSS 5.0
CVE-2023-30740 MEDIUM
SAP BusinessObjects Business Intelligence Platform 420, 430 - Authenticated Exposure of Sensitive Information
CVSS 6.3
CVE-2023-28762 CRITICAL
SAP BusinessObjects Business Intelligence Platform - versions 420, ...
CVSS 9.1
CVE-2023-22813 LOW
Western Digital My Cloud OS 5 and My Cloud Home - Unauthenticated Information Disclosure via Device API Endpoint
CVSS 3.3
CVE-2023-31133 HIGH
Ghost < 5.46.1 - Exposure of Sensitive Information via Public API Filter Brute Force
CVSS 7.5
CVE-2023-24505 MEDIUM
Milesight NCR/camera <71.8.0.6-r5 - Info Disclosure
CVSS 5.3
CVE-2023-31413 LOW
Filebeat <= 7.17.9 and 8.6.2 - Sensitive Information Disclosure in HTTPJSON Input Debug Logs
CVSS 3.3
CVE-2023-26268 MEDIUM
Apache CouchDB < 3.2.3 - Exposure of Sensitive Information via Shared JavaScript Environment in Design Documents
CVSS 4.4
CVE-2023-22503 MEDIUM
Atlassian Confluence Server/Data Center <7.13.15/7.14.0-7.19.6/7.20.0-8.1.9 - Unauthenticated Info Disclosure
CVSS 5.3
CVE-2023-30853 HIGH
Gradle Build Action < 2.4.2 - Exposure of Sensitive Information via GitHub Actions Cache
CVSS 7.6
CVE-2023-28770 HIGH
Zyxel DX5401-B0 <V5.17(ABYO.1)C0 - Info Disclosure
CVSS 7.5