CWE-1230
AllowedExposure of Sensitive Information Through Metadata
Abstraction: Base · Status: Incomplete
The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.
46 vulnerabilities reference this CWE, most recent first.
CVE-2023-50458 (GCVE-0-2023-50458)
Vulnerability from cvelistv5 – Published: 2025-07-10 00:00 – Updated: 2025-07-10 13:13- CWE-1230 - Exposure of Sensitive Information Through Metadata
| Vendor | Product | Version | |
|---|---|---|---|
| dradisframework | Dradis |
Affected:
0 , < 4.11.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T13:13:36.860229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T13:13:48.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dradis",
"vendor": "dradisframework",
"versions": [
{
"lessThan": "4.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dradisframework:dradis:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users\u0027 jobs."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230 Exposure of Sensitive Information Through Metadata",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:24:48.095Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dradis/dradis-ce/tags"
},
{
"url": "https://securiteam.io/2025/07/03/cve-2023-50458-dradis-information-disclosure-output-console/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50458",
"datePublished": "2025-07-10T00:00:00.000Z",
"dateReserved": "2023-12-10T00:00:00.000Z",
"dateUpdated": "2025-07-10T13:13:48.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32488 (GCVE-0-2023-32488)
Vulnerability from cvelistv5 – Published: 2023-08-16 13:32 – Updated: 2024-10-08 19:11- CWE-1230 - Exposure of Sensitive Information Through Metadata
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021671… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerScale OneFS |
Affected:
Version 9.2.1.0 through 9.2.1.22, Version 9.4.0.0 through 9.4.0.13, Version 9.5.0.0 through 9.5.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T19:11:01.410898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:11:09.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Version 9.2.1.0 through 9.2.1.22, Version 9.4.0.0 through 9.4.0.13, Version 9.5.0.0 through 9.5.0.3"
}
]
}
],
"datePublic": "2023-08-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230: Exposure of Sensitive Information Through Metadata",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T13:32:02.419Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32488",
"datePublished": "2023-08-16T13:32:02.419Z",
"dateReserved": "2023-05-09T06:11:48.748Z",
"dateUpdated": "2024-10-08T19:11:09.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6962 (GCVE-0-2023-6962)
Vulnerability from cvelistv5 – Published: 2024-05-02 16:51 – Updated: 2026-04-08 16:32- CWE-1230 - Exposure of Sensitive Information Through Metadata
| Vendor | Product | Version | |
|---|---|---|---|
| joomunited | WP Meta SEO |
Affected:
0 , ≤ 4.5.12
(semver)
|
|
| joomunited | wp_meta_seo |
Affected:
0 , ≤ 4.5.12
(custom)
cpe:2.3:a:joomunited:wp_meta_seo:-:*:*:*:*:wordpress:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:joomunited:wp_meta_seo:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wp_meta_seo",
"vendor": "joomunited",
"versions": [
{
"lessThanOrEqual": "4.5.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T19:28:47.416191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:17.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0323b54b-c15b-4d2d-9e8f-3df87c84dd49?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3071453%40wp-meta-seo%2Ftrunk\u0026old=3068145%40wp-meta-seo%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Meta SEO",
"vendor": "joomunited",
"versions": [
{
"lessThanOrEqual": "4.5.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230 Exposure of Sensitive Information Through Metadata",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:32:48.990Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0323b54b-c15b-4d2d-9e8f-3df87c84dd49?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3071453%40wp-meta-seo%2Ftrunk\u0026old=3068145%40wp-meta-seo%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Meta SEO \u003c= 4.5.12 - Information Exposure via Meta Description"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6962",
"datePublished": "2024-05-02T16:51:41.692Z",
"dateReserved": "2023-12-19T19:52:19.357Z",
"dateUpdated": "2026-04-08T16:32:48.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1974 (GCVE-0-2023-1974)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:14- CWE-1230 - Exposure of Sensitive Information Through Metadata
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:14:51.823042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:14:55.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230 Exposure of Sensitive Information Through Metadata",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
},
{
"url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439"
}
],
"source": {
"advisory": "852781c6-9cc8-4d25-9336-bf3cb8ee3439",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information Through Metadata in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1974",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:14:55.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2448-7FJ5-7V9W
Vulnerability from github – Published: 2025-03-05 06:31 – Updated: 2025-03-05 15:30Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2025-1921"
],
"database_specific": {
"cwe_ids": [
"CWE-1230"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-05T04:15:11Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-2448-7fj5-7v9w",
"modified": "2025-03-05T15:30:55Z",
"published": "2025-03-05T06:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1921"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/387583503"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-24XV-7QH2-7X7V
Vulnerability from github – Published: 2025-01-24 15:30 – Updated: 2025-01-24 15:30The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
{
"affected": [],
"aliases": [
"CVE-2024-10324"
],
"database_specific": {
"cwe_ids": [
"CWE-1230"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-24T14:15:30Z",
"severity": "MODERATE"
},
"details": "The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
"id": "GHSA-24xv-7qh2-7x7v",
"modified": "2025-01-24T15:30:47Z",
"published": "2025-01-24T15:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10324"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd726b20-75c9-408e-86fc-061db591a9db?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4MMG-599R-Q746
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on SSM Server.
{
"affected": [],
"aliases": [
"CVE-2026-27661"
],
"database_specific": {
"cwe_ids": [
"CWE-1230"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:44Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SINEC Security Monitor (All versions \u003c V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.",
"id": "GHSA-4mmg-599r-q746",
"modified": "2026-03-10T18:31:22Z",
"published": "2026-03-10T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27661"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-430425.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4W64-M6X6-926R
Vulnerability from github – Published: 2026-05-06 15:32 – Updated: 2026-05-06 15:32HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .
{
"affected": [],
"aliases": [
"CVE-2025-31959"
],
"database_specific": {
"cwe_ids": [
"CWE-1230"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T15:16:05Z",
"severity": "LOW"
},
"details": "HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. .",
"id": "GHSA-4w64-m6x6-926r",
"modified": "2026-05-06T15:32:41Z",
"published": "2026-05-06T15:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31959"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0128144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4X52-W829-4QVM
Vulnerability from github – Published: 2023-08-16 15:30 – Updated: 2024-04-04 06:59Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-32488"
],
"database_specific": {
"cwe_ids": [
"CWE-1230"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-16T14:15:11Z",
"severity": "MODERATE"
},
"details": "\nDell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.\n\n",
"id": "GHSA-4x52-w829-4qvm",
"modified": "2024-04-04T06:59:35Z",
"published": "2023-08-16T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32488"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5R85-6H7F-RG3R
Vulnerability from github – Published: 2025-02-24 21:31 – Updated: 2025-02-24 22:02Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0-beta"
},
{
"fixed": "4.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0-beta"
},
{
"fixed": "4.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0-beta"
},
{
"fixed": "4.3.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-26527"
],
"database_specific": {
"cwe_ids": [
"CWE-1230"
],
"github_reviewed": true,
"github_reviewed_at": "2025-02-24T22:02:18Z",
"nvd_published_at": "2025-02-24T20:15:33Z",
"severity": "MODERATE"
},
"details": "Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.",
"id": "GHSA-5r85-6h7f-rg3r",
"modified": "2025-02-24T22:02:18Z",
"published": "2025-02-24T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26527"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=466143"
},
{
"type": "WEB",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-83941"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle\u0027s non-searchable tags can still be discovered on the tag search page and in the tags block"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.