CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,134 vulnerabilities with CWE-200
CVE-2024-6547 MEDIUM
Add Admin CSS <2.0.1 - Info Disclosure
CVSS 5.3
CVE-2024-6546 MEDIUM
One Click Close Comments <2.7.1 - Info Disclosure
CVSS 5.3
CVE-2024-6545 MEDIUM
Admin Trim Interface <3.5.1 - Info Disclosure
CVSS 5.3
CVE-2024-7128 MEDIUM
Red Hat OpenShift Container Platform 4.16-4.18 - Exposure of Sensitive Information via Unauthenticated Endpoints
CVSS 5.3
CVE-2024-7091 MEDIUM
GitLab 15.6-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure via Exported Group or Project
CVSS 4.1
CVE-2024-7060 LOW
GitLab 15.4-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure in Project/Group Exports
CVSS 2.6
CVE-2024-5067 MEDIUM
GitLab 16.11-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Exposure of Project Analytics Settings
CVSS 4.4
CVE-2024-41672 HIGH
DuckDB < 1.1.0 - Unauthorized File Read via sniff_csv Function
CVSS 7.5
CVE-2024-39676 HIGH
Apache Pinot 0.1-1.0.0 - Exposure of Sensitive Information via /appconfigs Endpoint
CVSS 7.5
CVE-2024-6571 MEDIUM
Wpchill Optimize Images Alt Text (alt Tag) & Names For Seo Using AI < 3.1.2 - Information Disclosure
CVSS 5.3
CVE-2024-6553 MEDIUM
WP Meteor Website Speed Optimization Addon <3.4.3 - Info Disclosure
CVSS 5.3
CVE-2024-23321 HIGH
Apache RocketMQ 4.5.2-5.2.0 - Authenticated Sensitive Information Exposure via Specific Interfaces
CVSS 8.8
CVE-2024-6560 MEDIUM
Addonify - Quick View For WooCommerce <1.2.16 - Info Disclosure
CVSS 5.3
CVE-2024-6455 MEDIUM
ElementsKit Elementor addons <3.2.0 - Info Disclosure
CVSS 5.3
CVE-2024-40647 MEDIUM
Sentry-sdk <2.8.0 - Info Disclosure
CVSS 5.3
CVE-2024-29885 MEDIUM
Silverstripe Reports <5.2.3 - Info Disclosure
CVSS 4.3
CVE-2024-40633 MEDIUM
Sylius <1.12.18-1.13.3 - Info Disclosure
CVSS 5.3
CVE-2024-20396 MEDIUM
Cisco Webex App - Unauthenticated Exposure of Sensitive Information via File Protocol Handler
CVSS 5.3
CVE-2024-21152 HIGH
Oracle Process Manufacturing Financials 12.2.12-12.2.13 - Sensitive Information Exposure in Allocation Rules
CVSS 8.1
CVE-2024-21147 HIGH
Netapp Active IQ Unified Manager - Information Disclosure
CVSS 7.4
CVE-2024-21140 MEDIUM
Netapp Bluexp - Information Disclosure
CVSS 4.8
CVE-2024-21136 HIGH
Oracle Retail Xstore Office <=23.0.1 - Unauthenticated Sensitive Information Exposure
CVSS 8.6
CVE-2024-6395 MEDIUM
GitHub Enterprise Server <3.14 - Info Disclosure
CVSS 5.3
CVE-2024-6336 MEDIUM
GitHub Enterprise Server <3.14 - Info Disclosure
CVSS 5.3
CVE-2024-6570 MEDIUM
Glossary plugin <2.2.26 - Info Disclosure
CVSS 5.3