CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-26885 HIGH
Apache DolphinScheduler < 2.0.6 - Information Disclosure
CVSS 7.5
CVE-2022-41946 MEDIUM
PostgreSQL JDBC Driver 42.2.0-42.2.27 - Insecure Temporary File Creation via InputStream Handling
CVSS 4.7
CVE-2022-41935 MEDIUM
XWiki 12.10.11-13.10.8 - Unauthenticated Exposure of Sensitive Information via Livetable Queries
CVSS 5.3
CVE-2022-38113 MEDIUM
SolarWinds Security Event Manager - Information Exposure via Server Response Header
CVSS 5.3
CVE-2022-39397 MEDIUM
aliyun-oss-client < 0.8.1 - Exposure of Sensitive Information via Unintended Secret Disclosure
CVSS 5.6
CVE-2022-41939 MEDIUM
knative.dev/func < 1.8.1 - Exposure of Sensitive Information via Malicious Buildpack Lifecycle Container
CVSS 6.1
CVE-2022-42883 MEDIUM
Quiz And Survey Master <= 7.3.10 - Sensitive Information Disclosure
CVSS 5.3
CVE-2022-41655 MEDIUM
Phone Orders for WooCommerce <3.7.1 - Info Disclosure
CVSS 4.3
CVE-2022-41618 LOW
Media Library Assistant <3.00 - Info Disclosure
CVSS 3.7
CVE-2022-41914 LOW
Zulip Server 5.0-5.6 - SCIM Bearer Token Timing Side-Channel Exposure
CVSS 3.7
CVE-2022-41917 MEDIUM
OpenSearch 1.0.0-1.3.6 - Information Disclosure via Text Analyzer File Handling
CVSS 4.3
CVE-2022-42132 MEDIUM
Liferay Portal 7.0.0-7.4.3.4 & DXP 7.0-7.4 GA - Sensitive Information Exposure via LDAP Pagination
CVSS 5.9
CVE-2022-41913 MEDIUM
Discourse Calendar - Unauthorized Exposure of Private Group Membership via Post Event Feature
CVSS 4.3
CVE-2022-39385 MEDIUM
Discourse < 2.8.10 - Unauthorized Private Message Topic Access via Invitation Redemption
CVSS 6.5
CVE-2022-28764 LOW
Zoom Client <5.12.6 - Info Disclosure
CVSS 3.3
CVE-2022-34314 MEDIUM
IBM CICS TX 11.1 - Exposure of Sensitive Information via Insecure Permission Settings
CVSS 4.0
CVE-2022-34329 MEDIUM
IBM CICS TX 11.7 - Exposure of Sensitive Information via HTTP Response Headers
CVSS 5.3
CVE-2022-34313 MEDIUM
IBM CICS TX 11.1 - Exposure of Sensitive Information via Insecure Cookie Transmission
CVSS 4.3
CVE-2022-34312 MEDIUM
IBM CICS TX 11.1 - Unauthorized Exposure of Sensitive Information via Local Web Page Storage
CVSS 4.0
CVE-2022-27949 HIGH
Apache Airflow < 2.3.1 - Unauthenticated Exposure of Sensitive Information in Task Template Rendering
CVSS 7.5
CVE-2022-41876 HIGH
ezplatform-graphql <2.3.12, <1.0.13 - Info Disclosure
CVSS 7.5
CVE-2022-39307 MEDIUM
Grafana < 8.5.15 and 9.0.0-9.2.4 - Unauthenticated Sensitive Information Disclosure via Password Reset Endpoint
CVSS 6.7
CVE-2022-36077 HIGH
Electron <21.0.0-beta.1-18.3.7 - Info Disclosure
CVSS 7.2
CVE-2022-44746 MEDIUM
Acronis Cyber Protect Home Office < 40107 - Sensitive Information Exposure via Insecure Folder Permissions
CVSS 5.5
CVE-2022-38654 MEDIUM
HCL Domino - Authenticated Information Disclosure via Directory Search xACL Bypass
CVSS 5.5