CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-1000187 MEDIUM
Jenkins Kubernetes Plugin <1.7.0 - Info Disclosure
CVSS 6.5
CVE-2018-1000186 MEDIUM
Jenkins GitHub Pull Request Builder Plugin <1.41.0 - Info Disclosure
CVSS 6.5
CVE-2018-1000183 MEDIUM
Jenkins GitHub Plugin <1.29.0 - Info Disclosure
CVSS 6.5
CVE-2018-1332 MEDIUM
Apache Storm < 1.0.6, 1.1.3, 1.2.1 - User Impersonation via Daemon Communication
CVSS 6.5
CVE-2018-1000181 HIGH
Kitura < 2.3.0 - Unauthenticated Information Disclosure via Crafted URL
CVSS 7.5
CVE-2018-11554 CRITICAL
YzmCMS 3.2-3.7 - Response Discrepancy Information Exposure in Forgotten-Password Feature
CVSS 9.8
CVE-2018-3809 MEDIUM
serve < 7.0.0 - Unauthenticated Exposure of Sensitive Information via Directory Listing
CVSS 5.3
CVE-2018-11195 MEDIUM
Mahara 17.04.0-17.04.7, 17.10.0-17.10.4, 18.04.0 - Sensitive Information Exposure via Browser Back/Refresh
CVSS 6.8
CVE-2018-5525 MEDIUM
F5 BIG-IP <11.6.3.1 - Info Disclosure
CVSS 4.3
CVE-2018-11645 MEDIUM
Ghostscript < 9.20 - Exposure of Sensitive Information via Status Command
CVSS 5.3
CVE-2018-1532 MEDIUM
IBM API Connect 5.0.0.0-5.0.8.2 - Exposure of Sensitive Information via Static SESSIONID
CVSS 4.3
CVE-2018-11036 CRITICAL
Ruckuswireless Vsz Firmware - Information Disclosure
CVSS 9.1
CVE-2018-11565 MEDIUM
Mahara 17.04.0-17.04.7, 17.10.0-17.10.4, 18.04.0 - Unauthorized Username Exposure
CVSS 5.3
CVE-2018-11437 MEDIUM
libmobi 0.3 - Information Disclosure via Crafted MOBI File
CVSS 6.5
CVE-2018-11435 MEDIUM
libmobi 0.3 - Information Disclosure via Crafted MOBI File
CVSS 6.5
CVE-2018-1369 LOW
IBM Security Guardium Big Data Intelligence 3.1 - Exposure of Sensitive Information via URL Parameters
CVSS 3.7
CVE-2018-10732 MEDIUM
Dataiku Data Science Studio < 4.2.3 - Unauthenticated Sensitive Information Exposure via Profile Picture Visibility
CVSS 5.3
CVE-2018-11517 MEDIUM
mySCADA myPRO 7 - Unauthenticated Exposure of Sensitive Information via ProjectID Enumeration
CVSS 5.3
CVE-2018-11508 MEDIUM
Linux Kernel < 4.16.9 - Unauthorized Memory Read via adjtimex
CVSS 5.5
CVE-2018-11505 HIGH
Werewolf Online 0.8.8 - Exposure of Firebase Token via Logcat Output
CVSS 7.5
CVE-2018-6234 MEDIUM
Trend Micro Antivirus+ < 12.0 - Out-of-Bounds Read in tmnciesc.sys IOCTL 0x222814
CVSS 5.5
CVE-2018-1467 MEDIUM
IBM Storwize V7000 Unified <1.6 - Info Disclosure
CVSS 5.3
CVE-2018-11469 MEDIUM
HAProxy 1.8.0-1.8.9 - Unauthenticated Information Disclosure via Cached Authorization Header
CVSS 5.9
CVE-2018-1135 MEDIUM
Moodle 3.1.0-3.1.11 - Unauthenticated Exposure of Sensitive Information via Forum Post Export
CVSS 6.5
CVE-2018-10652 HIGH
Citrix XenMobile Server <10.7 - Info Disclosure
CVSS 7.5