CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

324 vulnerabilities with CWE-201
CVE-2023-5831 LOW
GitLab CE/EE <16.3.6, <16.4.2, <16.5.1 - Info Disclosure
CVSS 3.7
CVE-2023-32275 MEDIUM
SoftEther VPN 4.41-9782-beta and 5.01.9674 - Information Disclosure via CtEnumCa()
CVSS 5.5
CVE-2023-3413 MEDIUM
GitLab <16.2.8-16.4.1 - Info Disclosure
CVSS 6.5
CVE-2023-4378 MEDIUM
GitLab CE/EE <16.1.5, <16.2.5, <16.3.1 - Info Disclosure
CVSS 5.5
CVE-2023-4002 MEDIUM
GitLab EE <16.0.8, <16.1.3, <16.2.2 - Info Disclosure
CVSS 5.3
CVE-2023-1401 MEDIUM
GitLab DAST Scanner 3.0.29-4.0.5 - Cookie Leak on Redirect
CVSS 5.0
CVE-2023-3102 MEDIUM
GitLab EE <16.0.6-16.1.1 - Info Disclosure
CVSS 5.3
CVE-2023-34968 MEDIUM
Samba < 4.16.11 - Path Disclosure via Spotlight Protocol
CVSS 5.3
CVE-2023-3299 LOW
HashiCorp Nomad 1.2.11-1.5.6 and 1.4.10 - Sensitive Information Exposure in ACL Policy Block
CVSS 3.4
CVE-2023-2620 MEDIUM
GitLab CE/EE <15.11.10, <16.0.6, <16.1.1 - Info Disclosure
CVSS 5.5
CVE-2023-1825 LOW
GitLab EE <15.10.8/<15.11.7/<16.0.2 - Info Disclosure
CVSS 3.1
CVE-2023-1975 MEDIUM
GitHub answerdev/answer <1.0.8 - Info Disclosure
CVSS 6.5
CVE-2023-28117 HIGH
Sentry SDK < 1.14.0 - Sensitive Cookie Value Leak via Django Integration
CVSS 7.6
CVE-2022-45428 LOW
Dahua DSS Express and DSS Professional - Sensitive Information Leakage via Debugging Interface
CVSS 2.7
CVE-2022-23488 MEDIUM
BigBlueButton < 2.4-rc-6 - Unauthorized Webcam Stream Access via Lock Setting Bypass
CVSS 6.5
CVE-2022-28224 MEDIUM
Calico < 3.20.5, Calico Enterprise < 3.11.4, Calico 3.22.0-3.22.1 - Route Hijacking via Floating IP Annotation
CVSS 5.5
CVE-2022-27779 MEDIUM
curl 7.82.0-7.83.0 - Cookie Injection for Top-Level Domains via Trailing Dot Bypass
CVSS 5.3
CVE-2022-27671 MEDIUM
SAP BusinessObjects Business Intelligence Platform - Information Disclosure via CSRF Token in URL
CVSS 6.5
CVE-2022-0018 MEDIUM
GlobalProtect 5.1-5.1.9 and 5.2-5.2.8 - Unauthenticated Credential Exposure via Single Sign-On Feature
CVSS 6.1
CVE-2021-1425 MEDIUM
Cisco AsyncOS Software - Info Disclosure
CVSS 4.3
CVE-2021-34771 MEDIUM
Cisco IOS XR < 7.3.2 - Authenticated Information Disclosure via CLI Command
CVSS 5.5
CVE-2021-32653 LOW
Nextcloud Server <19.0.11, 20.0.10, 21.0.2 - Info Disclosure
CVSS 2.7
CVE-2021-23019 HIGH
NGINX Controller <3.15.0 - Info Disclosure
CVSS 7.8
CVE-2021-26566 HIGH
Synology DiskStation Manager < 6.2.3-25426-3 - Remote Code Execution via QuickConnect Traffic
CVSS 8.3
CVE-2021-1128 MEDIUM
Cisco IOS XR - Authenticated Information Disclosure via CLI Command
CVSS 5.5