CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-24906 LOW
Nextcloud Deck < 1.2.11 - Unauthorized Sensitive Information Exposure via Full Path Disclosure
CVSS 3.5
CVE-2022-29165 CRITICAL
Argo CD <2.1.15-2.3.4 - Auth Bypass
CVSS 10.0
CVE-2022-1774 MEDIUM
drawio < 18.0.7 - Open Redirect via Untrusted URL
CVSS 6.1
CVE-2022-30990 HIGH
Acronis Cyber Protect <15 - Info Disclosure
CVSS 7.5
CVE-2022-30598 MEDIUM
Moodle 3.9-3.9.13 and 4.0 - Exposure of Sensitive Information via Global Search
CVSS 4.3
CVE-2022-23067 HIGH
ToolJet 0.5.0-1.2.2 - Token Leakage via Referer Header
CVSS 8.8
CVE-2022-24890 LOW
Nextcloud Talk < 13.0.5 - Unauthorized Exposure of Private Personal Information via Call Moderator Permissions
CVSS 2.4
CVE-2022-30334 MEDIUM
Brave < 1.34 - .onion URL Exposure in Referer and Origin Headers
CVSS 5.3
CVE-2022-26070 MEDIUM
Splunk Enterprise <8.1.0 - Info Disclosure
CVSS 4.3
CVE-2022-27875 MEDIUM
F5 Access for Android 3.0.6-3.0.7 - Exposure of Sensitive Information via Task Hijacking
CVSS 5.5
CVE-2022-25990 MEDIUM
F5OS-A 1.0.x - Exposure of Sensitive Information via Registry Ports
CVSS 5.3
CVE-2022-20734 MEDIUM
Cisco SD-WAN vManage Software - Info Disclosure
CVSS 4.4
CVE-2022-25787 HIGH
Secomea GateManager < 9.7.622134021 - Information Exposure via LMM API Query Strings
CVSS 7.5
CVE-2022-25780 MEDIUM
Secomea GateManager 4250/4260/8250/9250 Firmware < 9.7.622134021 - Authenticated Information Exposure via Web UI
CVSS 4.3
CVE-2022-0882 MEDIUM
Fuchsia < 4.1.1 - Unauthenticated Kernel Log Exposure via Zircon Addresses
CVSS 5.3
CVE-2022-1353 HIGH
Linux Kernel < 5.17 - Unauthenticated Exposure of Sensitive Information via pfkey_register
CVSS 7.1
CVE-2022-22277 MEDIUM
SonicWall TZ300/TZ350/TZ370/NSSP 10700-15700 SNMP Sensitive Information Exposure
CVSS 5.3
CVE-2022-22276 MEDIUM
SonicWall TZ/NSv/NSSP Firmware < 7.0.1 - Unauthorized Sensitive Information Exposure via SNMP
CVSS 5.3
CVE-2022-24886 LOW
Nextcloud Android < 3.19.0 - Unauthorized Contact Data Exposure via Notification Permission
CVSS 2.2
CVE-2022-24866 MEDIUM
Discourse Assign < 1.0.1 - Exposure of Sensitive Information via UserBookmarkSerializer
CVSS 4.3
CVE-2022-23711 MEDIUM
Kibana 7.2.1-7.17.2 - Unauthenticated Exposure of Sensitive Information in Page Source
CVSS 5.3
CVE-2022-24867 HIGH
GLPI < 10.0.0 - Unauthenticated LDAP Password Exposure via JavaScript Config
CVSS 7.5
CVE-2022-24865 MEDIUM
HumHub < 1.9.4 - Unauthorized Data Exposure via Forced Password Change
CVSS 6.5
CVE-2022-27863 MEDIUM
VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.3 - Sensitive Data Exposure via Booking ID Brute-Force
CVSS 5.3
CVE-2022-1186 MEDIUM
WordPress plugin Be POPIA Compliant <1.1.5 - Info Disclosure
CVSS 5.3