CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-7831 MEDIUM
Firefox < 57 - Exposure of Sensitive Information via Deprecated _exposedProps_ Mechanism
CVSS 5.3
CVE-2017-7812 MEDIUM
Firefox < 56 - Unauthorized File Access via Drag-and-Drop to Browser UI
CVSS 5.3
CVE-2017-7808 MEDIUM
Firefox < 55.0 - Cross-Origin Information Leak via CSP frame-ancestors Path Comparison
CVSS 5.3
CVE-2017-7787 HIGH
Debian Linux < 52.3 - Information Disclosure
CVSS 7.5
CVE-2017-7768 MEDIUM
Firefox < 52.2.0 - Unauthenticated Exposure of Sensitive Information via Maintenance Service
CVSS 5.5
CVE-2017-7759 HIGH
Firefox < 54.0 - Exposure of Sensitive Information via Android Intent URL Handling
CVSS 7.5
CVE-2017-5454 HIGH
Redhat Enterprise Linux < 53.0 - Information Disclosure
CVSS 7.5
CVE-2017-5425 HIGH
Gecko Media Plugin - Info Disclosure
CVSS 7.5
CVE-2017-5414 MEDIUM
Firefox < 52.0 - Information Disclosure via File Picker Dialog
CVSS 5.5
CVE-2017-5408 MEDIUM
Debian Linux < 52.0 - Information Disclosure
CVSS 5.3
CVE-2017-5407 MEDIUM
Debian Linux < 52.0 - Information Disclosure
CVSS 6.5
CVE-2017-5385 HIGH
Firefox < 51.0 - Information Disclosure via Multipart Channel Referrer-Policy Bypass
CVSS 7.5
CVE-2017-5384 MEDIUM
Firefox < 51.0 - HTTPS URL Exposure via Proxy Auto-Config
CVSS 5.9
CVE-2017-5382 HIGH
Firefox < 51.0 - Exposure of Sensitive Information via RSS Feed Preview
CVSS 7.5
CVE-2017-5378 HIGH
Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Info Disclosure
CVSS 7.5
CVE-2017-16225 HIGH
aegir 12.0.0-12.0.7 - GitHub Token Exposure
CVSS 7.5
CVE-2017-16206 HIGH
Cofee-Script - Info Disclosure
CVSS 7.5
CVE-2017-16205 HIGH
Coffeescript - Info Disclosure
CVSS 7.5
CVE-2017-16204 HIGH
jquey - Unauthorized Sensitive Data Exfiltration During Installation
CVSS 7.5
CVE-2017-16203 HIGH
coffescript - Exposure of Sensitive Information via Installation Process
CVSS 7.5
CVE-2017-16202 HIGH
cofeescript - Unauthorized Sensitive Data Exposure via Installation Process
CVSS 7.5
CVE-2017-16126 MEDIUM
botbait < 2.0.0 - Unauthorized Exposure of Sensitive User Information
CVSS 5.3
CVE-2017-16081 HIGH
cross-env.js - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16080 HIGH
nodesass - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16079 HIGH
smb - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5