CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,152 vulnerabilities with CWE-200
CVE-2019-15583 HIGH
GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Unauthorized Information Disclosure via Issue Move API
CVSS 7.5
CVE-2019-15579 MEDIUM
GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Unauthorized Exposure of Confidential Issue Assignees via Milestones
CVSS 5.3
CVE-2019-15578 MEDIUM
GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Exposure of Private Project Path in Unsubscribe Email Link
CVSS 5.3
CVE-2019-19631 HIGH
Big Switch <6.2.4,6.3.9,7.0.3,7.1.3 - Info Disclosure
CVSS 8.8
CVE-2019-14301 HIGH
Ricoh SP C250DN 1.06 - Info Disclosure
CVSS 7.5
CVE-2019-4559 MEDIUM
IBM QRadar SIEM <7.3.4 - Info Disclosure
CVSS 5.3
CVE-2019-6331 LOW
Samsung Mobile Print < 4.08.007 - Exposure of Sensitive Information via Incomplete Obfuscation
CVSS 3.3
CVE-2019-17018 MEDIUM
Firefox < 72.0 - Unauthorized Sensitive Information Exposure via Windows Keyboard Suggestions
CVSS 5.3
CVE-2019-14820 MEDIUM
Keycloak < 8.0.0 - Exposure of Sensitive Information via Internal Adapter Endpoints
CVSS 4.3
CVE-2019-6700 MEDIUM
FortiSIEM < 5.2.5 - Authenticated Information Exposure via External Authentication Profile Form
CVSS 6.5
CVE-2019-9541 MEDIUM
Telos Automated Message Handling System <4.1.5.5 - Info Disclosure
CVSS 6.1
CVE-2019-19256 MEDIUM
GitLab 12.2.0-12.5.0 - Exposure of Sensitive Information via Incorrect Access Control
CVSS 5.3
CVE-2019-19254 MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
CVSS 5.3
CVE-2019-19983 MEDIUM
Fast Velocity Minify < 2.7.7 - Exposure of Sensitive Information via Debug Mode
CVSS 4.3
CVE-2019-11294 MEDIUM
Cloud Foundry CAPI 1.88.0 - Unauthorized Exposure of Sensitive Service Broker Information
CVSS 4.3
CVE-2019-5073 MEDIUM
WAGO PFC200/100 <3.01.07-3.00.39 - Info Disclosure
CVSS 5.3
CVE-2019-15580 MEDIUM
GitLab < 12.1.10, < 12.2.6, < 12.3.2 - Unauthenticated Information Exposure via Blocking Merge Request Feature
CVSS 6.5
CVE-2019-15577 MEDIUM
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthorized Information Disclosure via Groups Browsing
CVSS 4.3
CVE-2019-15576 HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthenticated Information Disclosure via GraphQL Endpoint
CVSS 7.5
CVE-2019-8730 LOW
macOS < 10.15 - Unprotected User Data Exposure via Locked Notes Search
CVSS 3.3
CVE-2019-8620 HIGH
iPhone OS < 12.3 - Unauthorized User Data Exposure via WiFi MAC Address Broadcast
CVSS 7.5
CVE-2019-8567 HIGH
iPhone OS < 12.2 - Unauthorized Exposure of WiFi MAC Address
CVSS 7.5
CVE-2019-3993 HIGH
elog < 3.1.4-57bea22 - Unauthenticated Cleartext Transmission of Sensitive Information via HTTP POST Request
CVSS 7.5
CVE-2019-3992 HIGH
ELOG < 3.1.4-57bea22 - Unauthenticated Information Disclosure via Configuration File Access
CVSS 7.5
CVE-2019-12414 MEDIUM
Apache Superset < 0.32 - Unauthorized Database Name Exposure in SQLLab Dropdown
CVSS 5.3