CWE-209

Exploit likelihood: High

Generation of Error Message Containing Sensitive Information

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product generates an error message that includes sensitive information about its environment, users, or associated data.

561 vulnerabilities with CWE-209
CVE-2023-1210 LOW
GitLab 12.9-16.0.8, 16.1-16.1.3, 16.2-16.2.2 - Email Leak via Error Message
CVSS 3.1
CVE-2023-31429 MEDIUM
Brocade Fabric OS <9.1.1c-9.2.0 - Info Disclosure
CVSS 5.5
CVE-2023-20593 MEDIUM
Xen - Information Disclosure via Zen 2 CPU Microarchitectural Side Channel
CVSS 5.5
CVE-2023-25948 HIGH
Honeywell Experion Server 501.1-501.6hf8 - Information Disclosure via Error Message
CVSS 7.5
CVE-2023-3362 MEDIUM
GitLab CE/EE <16.0.6 & 16.1.0 - Info Disclosure
CVSS 5.3
CVE-2023-37260 HIGH
league/oauth2-server 8.3.2-8.5.3 - Sensitive Information Exposure in CryptKey Error Message
CVSS 8.2
CVE-2023-37306 HIGH
MISP 2.4.172 - Sensitive Information Exposure via Certificate File Extension Error Messages
CVSS 7.5
CVE-2023-34110 LOW
Flask-AppBuilder <4.3.2 - Info Disclosure
CVSS 2.7
CVE-2023-34339 LOW
JetBrains Ktor < 2.3.1 - Sensitive Information Exposure via Exception Message
CVSS 3.3
CVE-2023-33181 MEDIUM
Xibo 3.0.0-3.3.4 - Information Disclosure via API Error Stack Trace
CVSS 4.3
CVE-2023-28514 MEDIUM
IBM MQ 8.0, 9.0, and 9.1 - Sensitive Credential Exposure via Error Message
CVSS 6.2
CVE-2023-21103 MEDIUM
Android - Local Denial of Service via PhoneAccountRegistrar Uncaught Exception
CVSS 5.5
CVE-2023-27860 MEDIUM
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 - Sensitive Information Disclosure in Error Message
CVSS 5.3
CVE-2023-31286 MEDIUM
Serenity Serene <6.7.0 - Info Disclosure
CVSS 5.3
CVE-2023-23837 HIGH
No Exception Handling - Info Disclosure
CVSS 7.5
CVE-2023-29193 HIGH
spicedb < 1.19.1 - Sensitive Information Exposure via Debug Endpoint
CVSS 8.7
CVE-2023-28117 HIGH
Sentry SDK < 1.14.0 - Sensitive Cookie Value Leak via Django Integration
CVSS 7.6
CVE-2023-25687 MEDIUM
IBM Security Guardium Key Lifecycle Manager 3.0-4.1.1 - Sensitive Info Exposure via Log Files
CVSS 4.3
CVE-2023-25695 MEDIUM
Apache Airflow < 2.5.2 - Sensitive Information Exposure via Error Message
CVSS 5.3
CVE-2023-27587 HIGH
readtomyshoe < 2023-03-13 - Sensitive Information Exposure via Google Cloud TTS Error Message
CVSS 7.4
CVE-2023-26052 LOW
Saleor 2.0.0-3.1.47 - Unauthenticated Sensitive Information Exposure via Error Messages
CVSS 3.7
CVE-2023-26051 MEDIUM
Saleor 2.0.0-3.1.47 - Authenticated Sensitive Information Exposure via Error Messages
CVSS 6.5
CVE-2023-25956 HIGH
Apache Airflow AWS Provider < 7.2.1 - Sensitive Information Exposure via Error Message
CVSS 7.5
CVE-2023-0655 MEDIUM
SonicWall Email Security < 10.0.19.7431 - Unauthenticated Sensitive Information Exposure via Error Page
CVSS 5.3
CVE-2023-22626 HIGH
PgHero < 3.1.0 - Information Disclosure via EXPLAIN Error Message
CVSS 7.5