CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-0987 LOW
PackageKit - Information Disclosure via Transaction Interface File Existence Timing
CVSS 3.3
CVE-2022-31091 HIGH
Guzzle < 6.5.8 - Sensitive Header Exposure via Redirect Handling
CVSS 7.7
CVE-2022-31090 HIGH
Guzzle < 6.5.8 - Sensitive Information Exposure via Redirect Authorization Header Leak
CVSS 7.7
CVE-2022-2221 MEDIUM
Devolutions Remote Desktop Manager < 2022.1.8 - Authenticated Information Exposure in My Account Settings
CVSS 6.5
CVE-2022-0722 HIGH
ionicabizau/parse-url <7.0.0 - Info Disclosure
CVSS 7.5
CVE-2022-31095 MEDIUM
Discourse-chat <0.4 - Info Disclosure
CVSS 4.3
CVE-2022-30607 MEDIUM
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0-21.0.2 - Exposure of Sensitive Information via Control Center UI
CVSS 6.5
CVE-2022-30184 MEDIUM
.NET and Visual Studio - Exposure of Sensitive Information
CVSS 5.5
CVE-2022-31070 MEDIUM
NestJS Proxy <0.7.0 - Info Disclosure
CVSS 5.8
CVE-2022-31069 MEDIUM
NestJS Proxy <0.7.0 - Info Disclosure
CVSS 5.8
CVE-2022-20664 HIGH
Cisco Secure Email and Web Manager - Info Disclosure
CVSS 7.7
CVE-2022-31066 MEDIUM
EdgeX Foundry <2.1.1 - Info Disclosure
CVSS 5.9
CVE-2022-31060 MEDIUM
Discourse <2.8.4-2.9.0.beta5 - Info Disclosure
CVSS 5.3
CVE-2022-31046 MEDIUM
TYPO3 <7.6.57 ELTS, <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 ...
CVSS 4.3
CVE-2022-29241 HIGH
Jupyter Server <1.17.1 - Info Disclosure
CVSS 7.1
CVE-2022-31309 HIGH
WAVLINK AERIAL X 1200M M79X3.V5030.180719 - Info Disclosure
CVSS 7.5
CVE-2022-31308 HIGH
WAVLINK Aerial X 1200M M79X3.V5030.191012 - Info Disclosure
CVSS 7.5
CVE-2022-32192 HIGH
Couchbase Server 5.0.0-7.0.3 - Exposure of Sensitive Information
CVSS 7.5
CVE-2022-29244 HIGH
npm <7.9.0-7.13.0 - Info Disclosure
CVSS 7.5
CVE-2022-1595 MEDIUM
HC Custom WP-Admin URL < 1.4 - Unauthenticated Secret Login URL Exposure via Crafted Request
CVSS 5.3
CVE-2022-32741 MEDIUM
OTRS 7.0.0-7.0.34 - Unauthenticated Username Enumeration via Request New Password Timing
CVSS 5.3
CVE-2022-32740 LOW
OTRS 7.0.0-7.0.34 - Unintended Email Content Exposure via Forwarded Article Reply
CVSS 3.5
CVE-2022-32739 LOW
OTRS 7.0.0-7.0.30 and 7.0.0-7.0.34 - Exposure of Sensitive Information via Calendar Public URL
CVSS 3.5
CVE-2022-31043 HIGH
Guzzle < 6.5.7 - Sensitive Information Exposure via HTTPS to HTTP Redirect
CVSS 7.5
CVE-2022-31042 HIGH
Guzzle < 6.5.7 - Sensitive Cookie Header Exposure via Redirect Handling
CVSS 7.5