CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-30843 HIGH
Payload < 1.7.0 - Exposure of Sensitive Information via Hidden Field Brute Force
CVSS 7.4
CVE-2023-30841 MEDIUM
Baremetal Operator < 0.3.0 - Cleartext Transmission of Sensitive Information via ConfigMap Storage
CVSS 6.0
CVE-2023-1387 MEDIUM
Grafana 9.1.0-9.2.16 - JWT Exposure via URL Query Parameter
CVSS 4.2
CVE-2023-23839 MEDIUM
SolarWinds Platform - Info Disclosure
CVSS 6.5
CVE-2023-2281 LOW
Mattermost Server < 7.9.0 - Unauthorized Sensitive Information Exposure via Websocket Event
CVSS 3.1
CVE-2023-22577 CRITICAL
White Rabbit Switch Firmware < 6.0.1 - Unauthenticated Exposure of Sensitive Information
CVSS 9.8
CVE-2023-30611 MEDIUM
Discourse Reactions - Exposure of Sensitive Information via Private Topic Reaction Data Leak
CVSS 4.3
CVE-2023-29517 HIGH
XWiki < 13.10.11 - Unauthenticated Exposure of Sensitive Information via Office Document Viewer Macro
CVSS 7.5
CVE-2023-26049 LOW
Jetty <9.4.51 - Cookie Smuggling via Quoted Value Parsing
CVSS 2.4
CVE-2023-22307 MEDIUM
Tribe29 Checkmk Appliance <1.6.4 - Info Disclosure
CVSS 5.5
CVE-2023-30540 LOW
Nextcloud Talk 15.0.0-15.0.5 - Exposure of Sensitive Information via Deleted Conversation Data
CVSS 3.5
CVE-2023-1831 HIGH
Mattermost < 7.7.3 - Sensitive Information Exposure in Audit Logs
CVSS 7.2
CVE-2023-20866 MEDIUM
Spring Session 3.0.0 - Exposure of Sensitive Information via Session ID Logging
CVSS 6.5
CVE-2023-28271 MEDIUM
Windows Kernel - Information Disclosure via Memory Exposure
CVSS 5.5
CVE-2023-28221 HIGH
Windows Error Reporting Service - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.0
CVE-2023-23588 MEDIUM
SIMATIC IPC647D, IPC847D, IPC1047 Firmware - Improper Certificate Validation in Maxview Storage Manager
CVSS 6.2
CVE-2023-29111 LOW
SAP AIF (ODATA service) - Info Disclosure
CVSS 3.1
CVE-2023-28765 CRITICAL
SAP BusinessObjects <420-430 - Privilege Escalation
CVSS 9.8
CVE-2023-1710 MEDIUM
GitLab <15.8.5, <15.9.4, <15.10.1 - Info Disclosure
CVSS 5.3
CVE-2023-0838 MEDIUM
GitLab 15.1-15.8.4, 15.9-15.9.3, 15.10 - Authenticated Webhook Secret Exposure via URL Parameter Injection
CVSS 5.5
CVE-2023-1858 MEDIUM
SourceCodester Earnings and Expense Tracker App 1.0 - Info Disclosure
CVSS 4.3
CVE-2023-0614 MEDIUM
Samba 4.0.0-4.16.9 - Exposure of Sensitive Information via LDAP Filter Bypass
CVSS 6.5
CVE-2023-1790 MEDIUM
SourceCodester Simple Task Allocation System 1.0 - Info Disclosure
CVSS 4.3
CVE-2023-29137 MEDIUM
MediaWiki <1.39.3 - Info Disclosure
CVSS 4.3
CVE-2023-1777 MEDIUM
Mattermost < 7.1.6 and 7.8.0 - Unauthorized Message Content Exposure via createPost API
CVSS 6.5