CWE-200
Abstraction: Class
Status: Draft

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.


Related CAPECs

CAPEC-13: Subverting Environment Variable Values
CAPEC-22: Exploiting Trust in Client
CAPEC-59: Session Credential Falsification through Prediction
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-79: Using Slashes in Alternate Encoding
CAPEC-116: Excavation
CAPEC-169: Footprinting
CAPEC-224: Fingerprinting
CAPEC-285: ICMP Echo Request Ping
CAPEC-287: TCP SYN Scan
CAPEC-290: Enumerate Mail Exchange (MX) Records
CAPEC-291: DNS Zone Transfers
CAPEC-292: Host Discovery
CAPEC-293: Traceroute Route Enumeration
CAPEC-294: ICMP Address Mask Request
CAPEC-295: Timestamp Request
CAPEC-296: ICMP Information Request
CAPEC-297: TCP ACK Ping
CAPEC-298: UDP Ping
CAPEC-299: TCP SYN Ping
CAPEC-300: Port Scanning
CAPEC-301: TCP Connect Scan
CAPEC-302: TCP FIN Scan
CAPEC-303: TCP Xmas Scan
CAPEC-304: TCP Null Scan
CAPEC-305: TCP ACK Scan
CAPEC-306: TCP Window Scan
CAPEC-307: TCP RPC Scan
CAPEC-308: UDP Scan
CAPEC-309: Network Topology Mapping
CAPEC-310: Scanning for Vulnerable Software
CAPEC-312: Active OS Fingerprinting
CAPEC-313: Passive OS Fingerprinting
CAPEC-317: IP ID Sequencing Probe
CAPEC-318: IP 'ID' Echoed Byte-Order Probe
CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe
CAPEC-320: TCP Timestamp Probe
CAPEC-321: TCP Sequence Number Probe
CAPEC-322: TCP (ISN) Greatest Common Divisor Probe
CAPEC-323: TCP (ISN) Counter Rate Probe
CAPEC-324: TCP (ISN) Sequence Predictability Probe
CAPEC-325: TCP Congestion Control Flag (ECN) Probe
CAPEC-326: TCP Initial Window Size Probe
CAPEC-327: TCP Options Probe
CAPEC-328: TCP 'RST' Flag Checksum Probe
CAPEC-329: ICMP Error Message Quoting Probe
CAPEC-330: ICMP Error Message Echoing Integrity Probe
CAPEC-472: Browser Fingerprinting
CAPEC-497: File Discovery
CAPEC-508: Shoulder Surfing
CAPEC-573: Process Footprinting
CAPEC-574: Services Footprinting
CAPEC-575: Account Footprinting
CAPEC-576: Group Permission Footprinting
CAPEC-577: Owner Footprinting
CAPEC-616: Establish Rogue Location
CAPEC-643: Identify Shared Files/Directories on System
CAPEC-646: Peripheral Footprinting
CAPEC-651: Eavesdropping

Related vulnerabilities

CVE-2026-40965: Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability affects deployments using EC keys for JWT token signing. The vulnerability does not affect RSA key configurations, only deployments using EC keys for JWT signing. Affected versions: uaa_release v76.12.0 through v78.12.0 (inclusive), fixed in v78.13.0 or later; CF Deployment v30.0.0 through v56.0.0 (inclusive), fixed in v56.1.0 or later (bundles uaa_release v78.13.0).
CVE-2026-22240: The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.
CVE-2026-22237: The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.
CVE-2025-61481: An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator's browser and intercept credentials.
CVE-2025-53624: The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code. This vulnerability is fixed in 4.0.0.
CVE-2025-29270: Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
CVE-2025-22612: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue.
CVE-2025-12363: Email Password Disclosure. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2022-29165: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request. In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. In a default Argo CD installation, anonymous access is disabled. The vulnerability can be exploited to impersonate as any user or role, including the built-in `admin` account regardless of whether it is enabled or disabled. Also, the attacker does not need an account on the Argo CD instance in order to exploit this. If anonymous access to the instance is enabled, an attacker can escalate their privileges, effectively allowing them to gain the same privileges on the cluster as the Argo CD instance, which is cluster admin in a default installation. This will allow the attacker to create, manipulate and delete any resource on the cluster. They may also exfiltrate data by deploying malicious workloads with elevated privileges, thus bypassing any redaction of sensitive data otherwise enforced by the Argo CD API. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. As a workaround, one may disable anonymous access, but upgrading to a patched version is preferable.
CVE-2020-13702: The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
CVE-2017-2320: A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials.
CVE-2015-2897: Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVE-2015-0987: Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
CVE-2013-0693: The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.
CVE-2011-3497: service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.