CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200
CVE-2019-9179 LOW
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
CVSS 3.7
CVE-2019-9175 MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Information Exposure
CVSS 5.3
CVE-2019-0040 CRITICAL
Junos OS 15.1-17.4 - Information Disclosure and Partial Denial of Service via rpcbind Port 111
CVSS 9.1
CVE-2019-10243 MEDIUM
Eclipse Kura < 4.0.0 - Sensitive Information Exposure via Web Server Version Disclosure
CVSS 5.3
CVE-2019-4051 MEDIUM
IBM API Connect 2018.1-2018.4.1.3 - Exposure of Sensitive System Information via URIs
CVSS 5.3
CVE-2019-3869 HIGH
Ansible Tower < 3.3.5 - Sensitive Information Exposure via Environment Variables
CVSS 7.2
CVE-2019-1762 MEDIUM
Cisco IOS and IOS XE - Exposure of Sensitive System Information via Secure Storage Feature
CVSS 4.4
CVE-2019-7436 MEDIUM
PHP Scripts Mall Opensource Classified Ads Script <3.2.2 - Path Tra...
CVSS 6.5
CVE-2019-7434 MEDIUM
PHP Scripts Mall Rental Bike Script <2.0.3 - Path Traversal
CVSS 6.5
CVE-2019-7431 MEDIUM
PHP Scripts Mall Image Sharing Script <1.3.4 - Path Traversal
CVSS 6.5
CVE-2019-7429 MEDIUM
PHP Scripts Mall Property Rental Software 2.1.4 - Path Traversal
CVSS 6.5
CVE-2019-3615 MEDIUM
McAfee Database Security < 4.6.6 - Password Exposure via Admin Login Autocomplete
CVSS 5.3
CVE-2019-3781 HIGH
Cloud Foundry CLI <6.43.0 - Info Disclosure
CVSS 8.8
CVE-2019-6206 CRITICAL
iPhone OS < 12.1.3 - Password Autofill Information Exposure
CVSS 9.8
CVE-2019-4061 MEDIUM
IBM BigFix Platform 9.2-9.5 < 9.2.16 - Unauthenticated Information Exposure via Relay Query
CVSS 5.3
CVE-2019-9126 HIGH
D-Link DIR-825 Rev.B 2.10 - Unauthenticated Exposure of Sensitive Information via router_info.xml
CVSS 7.5
CVE-2019-1681 HIGH
Cisco IOS XR < 6.5.2 - Unauthenticated Path Traversal via TFTP Service
CVSS 7.5
CVE-2019-3610 MEDIUM
McAfee True Key < 3.1.9211.0 - Unauthorized Data Exposure via Malware
CVSS 5.6
CVE-2019-7628 MEDIUM
Pagure - Exposure of Sensitive Information via API Key Expiration Reminder E-Mail
CVSS 5.9
CVE-2019-7535 MEDIUM
Gurock TestRail <5.3.0.3603 - Info Disclosure
CVSS 5.3
CVE-2019-1003021 MEDIUM
Jenkins OpenId Connect Authentication Plugin <1.4 - Info Disclosure
CVSS 4.3
CVE-2019-1003018 MEDIUM
Jenkins GitHub Auth Plug <0.29 - Info Disclosure
CVSS 4.3
CVE-2019-7388 HIGH
D-Link DIR-823G <1.02B03 - Info Disclosure
CVSS 7.5
CVE-2019-7312 MEDIUM
PRIMX Zed Entreprise <6.1.2240 - Info Disclosure
CVSS 5.3
CVE-2019-1657 MEDIUM
Cisco AMP Threat Grid Appliance < 2.5 and Cloud < 3.5.68 - Authenticated Sensitive Information Exposure via API Key
CVSS 4.3