CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2023-46115 HIGH
Tauri - Insufficiently Protected Credentials via Vite Configuration Misuse
CVSS 8.4
CVE-2023-41893 MEDIUM
Home Assistant < 2023.9.0 - Unauthenticated Exposure of Sensitive Information via OAuth Redirect URI Manipulation
CVSS 4.3
CVE-2023-45809 LOW
Wagtail < 4.1.9 - Authenticated Information Disclosure via User Account Bulk Action URL
CVSS 2.7
CVE-2023-42666 MEDIUM
dexgate - Exposure of Sensitive Information via Web Server Version Request
CVSS 5.3
CVE-2023-5254 MEDIUM
ChatBot plugin <4.8.9 - Info Disclosure
CVSS 5.3
CVE-2023-34437 HIGH
Bently Nevada 3500 System TDI Firmware 5.05 - Exposure of Sensitive Information via Password Retrieval Functionality
CVSS 7.5
CVE-2023-45912 HIGH
WIPOTEC GmbH ComScale <4.4.12.723 - Info Disclosure
CVSS 7.5
CVE-2023-5642 CRITICAL
Advantech R-SeeNet 2.4.23 - Unauthenticated Sensitive Information Exposure via snmpmon.ini
CVSS 9.8
CVE-2023-5552 HIGH
Sophos Firewall < 19.5.3 - Password Disclosure via Secure PDF eXchange Feature
CVSS 7.1
CVE-2023-22086 HIGH
Oracle WebLogic Server <14.1.1.0.0 - Unauthorized Access
CVSS 7.5
CVE-2023-22019 HIGH
Oracle HTTP Server <12.2.1.4.0 - Unauthorized Access
CVSS 7.5
CVE-2023-45803 MEDIUM
urllib3 < 1.26.18 and 2.0.0-2.0.7 - Exposure of Sensitive Information via HTTP Redirect
CVSS 4.2
CVE-2023-5339 MEDIUM
Mattermost Desktop < 5.4.0 - Sensitive Information Exposure via Keystroke Logging
CVSS 4.7
CVE-2023-41752 HIGH
Apache Traffic Server 8.0.0-8.1.8 and 9.0.0-9.2.2 - Exposure of Sensitive Information
CVSS 7.5
CVE-2023-45131 HIGH
Discourse < 3.1.1 - Unauthenticated Exposure of Sensitive Information via MessageBus
CVSS 7.5
CVE-2023-44394 MEDIUM
MantisBT < 2.25.8 - Unauthorized Private Project Name Exposure via Wiki Page ID Enumeration
CVSS 4.3
CVE-2023-44391 MEDIUM
Discourse < 3.1.1 - Unauthenticated Exposure of Sensitive User Information via User Summaries
CVSS 5.3
CVE-2023-43814 LOW
Discourse <3.1.1-3.2.0.beta2 - Info Disclosure
CVSS 3.7
CVE-2023-45147 MEDIUM
Discourse < 3.1.1 - Exposure of Sensitive Information via Topic Custom Fields
CVSS 4.9
CVE-2023-38059 MEDIUM
OTRS 6.0.0-6.0.34 and 7.0.0-7.0.47 - Exposure of Sensitive Information via Protocol-Relative URL Bypass
CVSS 5.3
CVE-2023-5579 LOW
yzh66 Sandbox 6.1.0 - Information Disclosure in User Data Handler
CVSS 3.5
CVE-2023-45348 MEDIUM
Apache Airflow 2.7.0-2.7.1 - Authenticated Exposure of Sensitive Configuration Information
CVSS 4.3
CVE-2023-42780 MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Information via DAG Warning List
CVSS 6.5
CVE-2023-42663 MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Task Instance Information
CVSS 6.5
CVE-2023-39999 MEDIUM
WordPress 4.1-6.3.1 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 4.3