CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2020-7944 HIGH
Puppet Enterprise <3.4.0 - Info Disclosure
CVSS 7.7
CVE-2020-6812 MEDIUM
Firefox < 74.0 and Firefox ESR < 68.6.0 - Exposure of Sensitive Information via AirPods Device Name Enumeration
CVSS 5.3
CVE-2020-3800 HIGH
Adobe Acrobat and Reader <2020.006.20034 - Info Disclosure
CVSS 7.5
CVE-2020-6993 HIGH
Moxa PT-7528 and PT-7828 Series Firmware < 4.0 - Unauthenticated Exposure of Sensitive Information
CVSS 7.5
CVE-2020-4309 MEDIUM
IBM Content Navigator 3.0CD - Unauthenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2020-10871 MEDIUM
OpenWrt LuCI git-20.x - Info Disclosure
CVSS 5.3
CVE-2020-1740 LOW
Ansible < 2.7.17 - Insecure Temporary File Handling in Vault Edit
CVSS 3.9
CVE-2020-1753 MEDIUM
Ansible Engine <2.7.17, <2.8.11, <2.9.7 - Info Disclosure
CVSS 5.0
CVE-2020-10090 MEDIUM
GitLab 11.7-12.8.1 - Unauthorized Information Disclosure in Group Epic Data
CVSS 5.3
CVE-2020-10195 MEDIUM
popup-builder < 3.64.1 - Authenticated Information Disclosure and Privilege Escalation via admin-post Actions
CVSS 6.3
CVE-2020-1739 LOW
Ansible <2.7.16, <2.8.8, <2.9.5 - Info Disclosure
CVSS 3.9
CVE-2020-6178 MEDIUM
SAP Enable Now <1911 - Info Disclosure
CVSS 5.4
CVE-2020-0062 HIGH
Android - Information Disclosure via Test Certificate in Euicc
CVSS 7.5
CVE-2020-0031 MEDIUM
Android 10 - Unauthorized Sensitive Information Exposure via Augmented Autofill
CVSS 5.0
CVE-2020-0029 LOW
Android 10 - Local Information Disclosure via WifiConfigManager Location History Storage
CVSS 2.3
CVE-2020-9386 MEDIUM
Mahara 18.10.0-18.10.5 - Exposure of Sensitive File Metadata to Unauthorized Group Members via Elasticsearch
CVSS 4.3
CVE-2020-9282 MEDIUM
Mahara 18.10.0-18.10.4, 19.04.0-19.04.3, 19.10.0-19.10.1 - Sensitive Information Exposure via Edit Access
CVSS 6.5
CVE-2020-10104 MEDIUM
Zammad 3.0-3.2 - Authenticated Exposure of Sensitive Information via URL
CVSS 4.3
CVE-2020-10096 HIGH
Zammad 3.0-3.2 - Unauthenticated Exposure of Sensitive Information via Browser Cache
CVSS 7.5
CVE-2020-7130 HIGH
HPE OneView Global Dashboard 1.9 - Exposure of Sensitive Information via Open Firewall Ports
CVSS 7.5
CVE-2020-3193 MEDIUM
Cisco Prime Collaboration Provisioning - Info Disclosure
CVSS 5.3
CVE-2020-3182 MEDIUM
Cisco Webex Meetings Client - Info Disclosure
CVSS 4.3
CVE-2020-9337 MEDIUM
GolfBuddy Course Manager 1.1 - Inadequate Encryption Strength via Base64-Encoded Password Transmission
CVSS 6.5
CVE-2020-5244 HIGH
BuddyPress < 5.1.2 - Unauthenticated Private User Data Exposure via REST API Endpoint
CVSS 8.0
CVE-2020-9043 HIGH
wpCentral < 1.5.1 - Unauthenticated Sensitive Information Exposure via Connection Key Disclosure
CVSS 8.8
Details
Vulnerabilities 10,152
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits