CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Exploit likelihood: High

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,142 vulnerabilities with CWE-200

CVE-2024-23493 (MEDIUM, CVSS 4.3): Mattermost < 8.1.9 and 9.4.0-9.4.1 - Missing Authorization for AD/LDAP Group Details
CVE-2024-26470 (HIGH, CVSS 8.1): FullStackHero .NET 9 Starter Kit 1.0.0-1.0.1 - Password Reset Token Exposure via Host Header Injection
CVE-2024-26132 (MEDIUM, CVSS 4.0): Element Android 0.91.0-1.6.12 - Unauthorized File Exposure via IncomingShareActivity
CVE-2024-23302 (HIGH, CVSS 7.5): Couchbase Server < 7.2.4 - Private Key Exposure in goxdcr.log
CVE-2024-0620 (MEDIUM, CVSS 5.3): PPWP - WordPress <1.8.9 - Info Disclosure
CVE-2024-0616 (MEDIUM, CVSS 5.3): Passster WordPress <4.2.6.2 - Info Disclosure
CVE-2024-26144 (MEDIUM, CVSS 5.3): Rails 5.2.0-6.1.7.6 - Sensitive Session Information Leak via Active Storage Blob Set-Cookie Header
CVE-2024-27905 (CRITICAL, CVSS 9.1): Apache Aurora >= 0.5.0 - Unauthenticated Exposure of Sensitive Information via Padding Oracle
CVE-2024-27356 (HIGH, CVSS 7.5): GL-iNet Firmware - Unauthenticated Sensitive Information Exposure via File Download Commands
CVE-2024-24720 (MEDIUM, CVSS 5.3): Innovaphone PBX <14r1 - Info Disclosure
CVE-2024-27456 (CRITICAL, CVSS 9.1): Rack CORS Middleware <2.0.1 - Info Disclosure
CVE-2024-1436 (MEDIUM, CVSS 5.3): WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Exposure of Sensitive Information
CVE-2024-21501 (MEDIUM, CVSS 5.3): sanitize-html < 2.12.1 - Information Exposure via Style Attribute
CVE-2024-24309 (HIGH, CVSS 7.5): ecomiz survey_tma < 2.0.0 - Unauthenticated Exposure of Sensitive Information
CVE-2024-25130 (MEDIUM, CVSS 5.4): Tuleap <15.5.99.76 - Info Disclosure
CVE-2024-24817 (MEDIUM, CVSS 4.3): Discourse Calendar <0.4 - Info Disclosure
CVE-2024-26136 (HIGH, CVSS 7.5): openjsf electroncord < 2024-02-19 - Exposure of Sensitive Information via config.json
CVE-2024-20937 (MEDIUM, CVSS 4.3): Oracle JD Edwards EnterpriseOne Tools < 9.2.8.1 - Unauthorized Data Access via Monitoring and Diagnostics SEC
CVE-2024-24758 (LOW, CVSS 3.9): Undici < 5.28.3 - Exposure of Sensitive Information via Proxy-Authentication Header
CVE-2024-0020 (MEDIUM, CVSS 5.5): Android - Unauthorized Audio File Access via NotificationSoundPreference Confused Deputy
CVE-2024-1591 (LOW, CVSS 3.3): BeyondTrust Privilege Management for Windows < 24.1 - Authenticated Sensitive Information Exposure via Sysvol Access
CVE-2024-0708 (MEDIUM, CVSS 5.3): Landing Page Cat - Coming Soon & Maintenance Pages <= 1.7.2 - Unauthenticated Sensitive Information Exposure
CVE-2024-25121 (HIGH, CVSS 7.1): TYPO3 8.0.0-8.7.56 - Authenticated Improper Access Control in File Abstraction Layer
CVE-2024-25120 (MEDIUM, CVSS 4.3): TYPO3 Core - Unauthorized Resource Access via t3:// URI Scheme
CVE-2024-25119 (MEDIUM, CVSS 4.9): TYPO3 8.0.0-8.7.56 - Authenticated Exposure of Sensitive Information via Install Tool Editing Forms