CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-49877 MEDIUM
IBM Virtualization Engine TS7700 Firmware < 8.52.103.23 / < 8.53.1.21 - Sensitive Information Exposure
CVSS 4.3
CVE-2023-47619 HIGH
audiobookshelf < 2.4.3 - Authenticated Server-Side Request Forgery and Arbitrary File Read/Delete via Update Permission
CVSS 8.1
CVE-2023-6757 MEDIUM
IceCMS 2.0.1 - Information Disclosure in API PlanetUser Endpoint
CVSS 5.3
CVE-2023-45725 MEDIUM
Apache CouchDB < 3.3.2 - Exposure of Sensitive Information via Design Document Functions
CVSS 5.7
CVE-2023-50263 LOW
Nautobot 1.x-2.0.x < 1.6.7/2.0.6 - Unauthenticated Arbitrary File Download via FileProxy Endpoints
CVSS 3.7
CVE-2023-48225 HIGH
Laf - Exposure of Sensitive Information via Environment Variable Handling
CVSS 8.9
CVE-2023-49278 MEDIUM
Umbraco <8.0.0-8.18.10-12.3.4 - Info Disclosure
CVSS 5.3
CVE-2023-49274 LOW
Umbraco <8.0.0-8.18.10-12.3.4 - Info Disclosure
CVSS 3.7
CVE-2023-35636 MEDIUM
Microsoft 365 Apps and Office - Unauthorized Information Exposure via Outlook
CVSS 6.5
CVE-2023-35625 MEDIUM
Azure Machine Learning SDK < 1.5.0 - Exposure of Sensitive Information
CVSS 4.7
CVE-2023-6727 LOW
Mattermost < 8.1.5 - Unauthorized Playbook Action Creation and Information Leak
CVSS 3.1
CVE-2023-46701 MEDIUM
Mattermost < 7.8.14 - Unauthenticated Information Disclosure via Playbooks Plugin Timeline Endpoint
CVSS 6.5
CVE-2023-42884 MEDIUM
iPadOS < 16.7.3 - Unauthorized Kernel Memory Exposure
CVSS 5.5
CVE-2023-6615 LOW
Typecho 1.2.1 - Information Disclosure via /admin/manage-users.php Page Parameter
CVSS 3.5
CVE-2023-6393 MEDIUM
Quarkus Cache Runtime - Info Disclosure
CVSS 5.3
CVE-2023-6459 MEDIUM
Mattermost < 7.8.14 and < 8.1.5 - Unauthenticated Exposure of Sensitive Channel IDs via Metrics Endpoint
CVSS 5.3
CVE-2023-49283 MEDIUM
microsoft-graph-core - Info Disclosure
CVSS 5.4
CVE-2023-49282 MEDIUM
Microsoft Graph 1.16.0-1.109.0 - Exposure of Sensitive Information via GetPhpInfo.php
CVSS 5.4
CVE-2023-49292 MEDIUM
ecies Go <2.0.8 - Private Key Recovery via Invalid Curve Operations
CVSS 4.9
CVE-2023-37868 MEDIUM
Leap13 Premium Addons PRO < 2.9.0 - Exposure of Sensitive Information
CVSS 6.5
CVE-2023-36523 MEDIUM
Gopi Ramasamy Email <3.7 - Info Disclosure
CVSS 5.3
CVE-2023-36507 MEDIUM
Repute Infosystems BookingPress - Info Disclosure
CVSS 5.3
CVE-2023-26533 MEDIUM
Gesundheit Bewegt GmbH Zippy <1.6.1 - Info Disclosure
CVSS 6.5
CVE-2023-25057 MEDIUM
Libsyn Publisher Hub <= 1.3.2 - Exposure of Sensitive Information
CVSS 5.3
CVE-2023-48333 MEDIUM
Booster for WooCommerce <= 7.1.1 - Authenticated Exposure of Sensitive Order Information
CVSS 6.5