CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

324 vulnerabilities with CWE-201
CVE-2024-39315 MEDIUM
Pomerium < 0.26.1 - Unintended OAuth2 Token Exposure via User Info Page
CVSS 5.7
CVE-2024-5213 MEDIUM
mintplex-labs/anything-llm <1.5.3 - Info Disclosure
CVSS 6.5
CVE-2024-37881 MEDIUM
SiteGuard WP Plugin <1.7.7 - Info Disclosure
CVSS 5.3
CVE-2024-35189 MEDIUM
Fides < 2.37.0 - Sensitive Information Exposure via BigQuery Keyfile Creds API
CVSS 6.5
CVE-2024-34812 MEDIUM
RadiusTheme ShopBuilder - Info Disclosure
CVSS 5.3
CVE-2024-34556 MEDIUM
UkrSolution Barcode Scanner <1.5.4 - Info Disclosure
CVSS 5.3
CVE-2024-4536 MEDIUM
Eclipse EDC Connector 0.2.1-0.6.2 - OAuth2 Client Secret Exposure via Data Sink Configuration
CVSS 6.8
CVE-2024-32825 HIGH
Patrick Posner Simply Static <3.1.3 - Info Disclosure
CVSS 7.5
CVE-2024-32796 MEDIUM
Very Good Plugins WP Fusion Lite - Info Disclosure
CVSS 4.3
CVE-2024-32782 MEDIUM
HT Mega for Elementor <= 2.4.7 - Sensitive Data Exposure
CVSS 4.3
CVE-2024-32028 MEDIUM
OpenTelemetry dotnet - Info Disclosure
CVSS 4.1
CVE-2024-31278 MEDIUM
Premium Addons for Elementor <= 4.10.22 - Sensitive Data Exposure
CVSS 4.3
CVE-2024-28173 MEDIUM
JetBrains TeamCity <2023.11.4 - Info Disclosure
CVSS 4.3
CVE-2024-1435 MEDIUM
tainacan Tainacan <= 0.20.6 - Sensitive Data Exposure via Log File
CVSS 5.3
CVE-2024-26270 MEDIUM
Liferay Portal/DXP - Info Disclosure
CVSS 6.5
CVE-2024-25150 MEDIUM
Liferay Portal/DXP - Info Disclosure
CVSS 4.3
CVE-2024-25148 MEDIUM
Liferay Portal/DXP <7.4.1-SP3, 7.2<FP15 - Privilege Escalation
CVSS 5.4
CVE-2024-23506 HIGH
InstaWP Connect <= 0.1.0.9 - Sensitive Data Exposure
CVSS 7.7
CVE-2023-38013 MEDIUM
IBM Cloud Pak System <2.3.3.7 - Info Disclosure
CVSS 5.3
CVE-2023-6916 HIGH
OpenAPI <version> - Info Disclosure
CVSS 7.2
CVE-2023-49261 HIGH
Token Key Disclosure - Info Disclosure
CVSS 7.5
CVE-2023-49594 MEDIUM
DuoUniversalKeycloakAuthenticator < 1.0.8 - Information Disclosure via Challenge Functionality
CVSS 4.5
CVE-2023-3949 MEDIUM
GitLab <16.4.3-16.5.3-16.6.1 - Info Disclosure
CVSS 5.3
CVE-2023-48240 CRITICAL
XWiki 11.10.1-14.10.14 - Cookie Theft and Server-Side Request Forgery via Diff Image Embedding
CVSS 9.0
CVE-2023-3399 HIGH
GitLab EE <16.3.6, <16.4.2, <16.5.1 - Info Disclosure
CVSS 8.5