Common Weakness Enumeration

CWE-202

Allowed

Exposure of Sensitive Information Through Data Queries

Abstraction: Base · Status: Draft

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

59 vulnerabilities reference this CWE, most recent first.

GHSA-JF66-V4FG-QPQX

Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-10 18:31
VLAI
Details

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T19:15:19Z",
    "severity": "HIGH"
  },
  "details": "Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.",
  "id": "GHSA-jf66-v4fg-qpqx",
  "modified": "2025-01-10T18:31:39Z",
  "published": "2025-01-09T21:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13255"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JWPJ-M256-82WG

Vulnerability from github – Published: 2024-10-23 18:33 – Updated: 2024-10-23 18:33
VLAI
Details

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.

This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-23T18:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.\n\n This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.",
  "id": "GHSA-jwpj-m256-82wg",
  "modified": "2024-10-23T18:33:09Z",
  "published": "2024-10-23T18:33:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20388"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R5CQ-F6P7-HPQ4

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI
Details

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-17T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.",
  "id": "GHSA-r5cq-f6p7-hpq4",
  "modified": "2022-05-24T17:42:31Z",
  "published": "2022-05-24T17:42:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1372"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wda-pt-msh-6LWOcZ5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-V64R-7WG9-23PR

Vulnerability from github – Published: 2026-01-05 18:49 – Updated: 2026-01-09 03:11
VLAI
Summary
Unauthenticated Craft CMS users can trigger a database backup
Details

Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure.

Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.

Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.

References:

https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39

https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04

Affected Endpoints

  • POST /admin/actions/updater/backup (unauthenticated)

Vulnerability Details

Root Cause

All updater/* actions are explicitly configured with anonymous access:

// BaseUpdaterController.php  
protected array|bool|int $allowAnonymous = self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE;

Attack Vector

  1. Send unauthenticated POST request to /admin/actions/updater/backup
  2. Database backup executes with configured backupCommand
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.8.20"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0-RC1"
            },
            {
              "fixed": "5.8.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.16.16"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "4.16.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68456"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-05T18:49:56Z",
    "nvd_published_at": "2026-01-05T22:15:52Z",
    "severity": "HIGH"
  },
  "details": "Unauthenticated users can trigger database backup operations the `updater/backup` action, potentially leading to resource exhaustion or information disclosure.\n\nUsers should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.\n\nCraft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.\n\nReferences:\n\nhttps://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39\n\nhttps://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04\n\n## Affected Endpoints\n\n- `POST /admin/actions/updater/backup` (unauthenticated)\n\n## Vulnerability Details\n\n### Root Cause\nAll `updater/*` actions are explicitly configured with anonymous access:\n\n```php\n// BaseUpdaterController.php  \nprotected array|bool|int $allowAnonymous = self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE;\n```\n\n### Attack Vector\n1. Send unauthenticated POST request to `/admin/actions/updater/backup`\n2. Database backup executes with configured `backupCommand`",
  "id": "GHSA-v64r-7wg9-23pr",
  "modified": "2026-01-09T03:11:23Z",
  "published": "2026-01-05T18:49:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68456"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/craftcms/cms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Unauthenticated Craft CMS users can trigger a database backup"
}

GHSA-VCWX-63WP-CQR7

Vulnerability from github – Published: 2024-07-30 06:30 – Updated: 2024-08-01 15:32
VLAI
Details

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1287"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T06:15:02Z",
    "severity": "MODERATE"
  },
  "details": "The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users\u0027 sensitive information, including password hashes.",
  "id": "GHSA-vcwx-63wp-cqr7",
  "modified": "2024-08-01T15:32:14Z",
  "published": "2024-07-30T06:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1287"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VR35-JM2F-8WG2

Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-06-30 17:19
VLAI
Summary
Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries
Details

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.

An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.

This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.

Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.syncope.core:syncope-core-provisioning-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0-M0"
            },
            {
              "last_affected": "3.0.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.syncope.core:syncope-core-provisioning-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-M0"
            },
            {
              "fixed": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.syncope.core:syncope-core-provisioning-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0-M0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42797"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T17:19:28Z",
    "nvd_published_at": "2026-05-25T16:16:20Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.\n\nAn administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.\n\nThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\n\nUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition.",
  "id": "GHSA-vr35-jm2f-8wg2",
  "modified": "2026-06-30T17:19:28Z",
  "published": "2026-05-26T13:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42797"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/syncope"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/5y7d277sntyytrmxnx2tfjr9ftcpq1s6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/25/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries"
}

GHSA-WRWH-RPQ4-87HF

Vulnerability from github – Published: 2026-04-14 20:00 – Updated: 2026-04-16 21:57
VLAI
Summary
free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
Details

Summary

An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to retrieve stored subscriber identifiers (SUPI/IMSI) with a single HTTP GET request requiring no parameters or credentials.

Details

The endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify (defined in 3GPP TS 29.519) requires at least one query parameter (dnns, snssais, supis, or internalGroupIds) to filter results.

In the free5GC UDR implementation, the input validation is present but ineffective because the handler does not return after sending the HTTP 400 error. The request handling flow is:

  1. The function HandleApplicationDataInfluenceDataSubsToNotifyGet in ./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/api_datarepository.go (around line 2793) checks whether all of dnn, snssai, internalGroupId, and supi are empty.
  2. If they are all empty, it builds a problemDetails structure and calls c.JSON(http.StatusBadRequest, problemDetails) to send a 400 response, but it does not return afterwards.
  3. Execution continues and the handler still calls s.Processor().ApplicationDataInfluenceDataSubsToNotifyGetProcedure(c, dnn,snssai, internalGroupId, supi) defined in ./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/processor/influence_data_subscriptions_collection.go.
  4. This processor function queries the data repository and writes the full list of Traffic Influence Subscriptions to the HTTP response body, including supis fields with SUPI/IMSI values.

As a result, a request without any query parameters produces a response where the HTTP status is 400 Bad Request, but the body contains both the error object and the full subscription list.

The missing return after sending the 400 response in api_datarepository.go is the root cause of this vulnerability.

PoC

No authentication, no prior knowledge of any subscriber identifier required.

curl -v "http://<udr-host>/nudr-dr/v2/application-data/influenceData/subs-to-notify"

Response (HTTP 400):

{"status":400,"detail":"At least one of DNNs, S-NSSAIs, Internal Group IDs or SUPIs shall be provided"}
[{"dnns":["internet"],
  "snssais":[{"sst":1,"sd":"000001"}],
  "supis":["imsi-222777483957498"],
  "notificationUri":"http://pcf.../npcf-callback/v1/nudr-notify/influence-data/imsi-222777483957498/1"}]

Impact

This is an unauthenticated information disclosure vulnerability. Any attacker with network access to the SBI (Service Based Interface) can enumerate SUPIs (Subscriber Permanent Identifiers / IMSI values) of registered users without any credentials or prior knowledge.

In a 5G network, the SUPI is the most sensitive subscriber identifier — its exposure breaks the privacy guarantees introduced by 3GPP with the SUCI (Subscription Concealed Identifier) mechanism, designed specifically to prevent SUPI tracking over the air. This vulnerability completely undermines that protection at the core network level.

Impacted deployments: any free5GC instance where the SBI is reachable by untrusted parties (e.g., misconfigured network segmentation, rogue NF, or compromised internal host).

Note: an additional trigger exists — sending a malformed snssai parameter also bypasses validation due to a missing return after the deserialization error handler, producing the same information disclosure.

Patch

The vulnerability has been confirmed patched by adding the two missing return statements in NFs/udr/internal/sbi/api_datarepository.go, function HandleApplicationDataInfluenceDataSubsToNotifyGet:

  1. After the c.JSON(http.StatusBadRequest, problemDetails) call in the snssai deserialization error branch.
  2. After the c.JSON(http.StatusBadRequest, problemDetails) call in the empty parameters validation block.

With the patch applied, a request without any query parameters now correctly returns HTTP 400 with only the error message, and no subscriber data is included in the response body.

The fix has been verified: after applying the patch and recompiling the UDR, the endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify returns HTTP 400 with only:

{"status":400,"detail":"At least one of DNNs, S-NSSAIs, Internal Group IDs 
or SUPIs shall be provided"}

No SUPI or subscription data is leaked.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/free5gc/udr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-202",
      "CWE-209"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T20:00:15Z",
    "nvd_published_at": "2026-04-16T00:16:29Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nAn information disclosure vulnerability in the UDR service allows any unauthenticated  attacker with access to the 5G Service Based Interface (SBI) to retrieve stored subscriber identifiers (SUPI/IMSI) with a single HTTP GET request requiring no parameters or credentials.\n\n### Details\nThe endpoint `GET /nudr-dr/v2/application-data/influenceData/subs-to-notify` (defined in 3GPP TS 29.519) requires at least one query parameter (`dnns`, `snssais`,  `supis`, or `internalGroupIds`) to filter results.\n\nIn the free5GC UDR implementation, the input validation is present but ineffective because the handler does not return after sending the HTTP 400 error. The request handling flow is:\n\n1. The function `HandleApplicationDataInfluenceDataSubsToNotifyGet` in  `./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/api_datarepository.go`  (around line 2793) checks whether all of `dnn`, `snssai`, `internalGroupId`, \n   and `supi` are empty.\n2. If they are all empty, it builds a `problemDetails` structure and calls `c.JSON(http.StatusBadRequest, problemDetails)` to send a 400 response, **but it does not return afterwards**.\n3. Execution continues and the handler still calls `s.Processor().ApplicationDataInfluenceDataSubsToNotifyGetProcedure(c, dnn,snssai, internalGroupId, supi)` defined in  `./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/processor/influence_data_subscriptions_collection.go`.\n4. This processor function queries the data repository and writes the full list of Traffic Influence Subscriptions to the HTTP response body, including `supis` fields with SUPI/IMSI values.\n\nAs a result, a request without any query parameters produces a response where the HTTP status is 400 Bad Request, but the body contains both the error object and the full subscription list.\n\nThe missing `return` after sending the 400 response in `api_datarepository.go` is the root cause of this vulnerability.\n\n### PoC\nNo authentication, no prior knowledge of any subscriber identifier required.\n\n```bash\ncurl -v \"http://\u003cudr-host\u003e/nudr-dr/v2/application-data/influenceData/subs-to-notify\"\n```\nResponse (HTTP 400):\n```json\n{\"status\":400,\"detail\":\"At least one of DNNs, S-NSSAIs, Internal Group IDs or SUPIs shall be provided\"}\n[{\"dnns\":[\"internet\"],\n  \"snssais\":[{\"sst\":1,\"sd\":\"000001\"}],\n  \"supis\":[\"imsi-222777483957498\"],\n  \"notificationUri\":\"http://pcf.../npcf-callback/v1/nudr-notify/influence-data/imsi-222777483957498/1\"}]\n```\n\n### Impact\nThis is an unauthenticated information disclosure vulnerability. Any attacker with network access to the SBI (Service Based Interface) can enumerate SUPIs (Subscriber Permanent Identifiers / IMSI values) of registered users without any credentials or prior knowledge.\n\nIn a 5G network, the SUPI is the most sensitive subscriber identifier \u2014 its exposure breaks the privacy guarantees introduced by 3GPP with the SUCI (Subscription Concealed Identifier) mechanism, designed specifically to prevent SUPI tracking over the air. This vulnerability completely undermines that protection at the core network level.\n\nImpacted deployments: any free5GC instance where the SBI is reachable by untrusted parties (e.g., misconfigured network segmentation, rogue NF, or compromised internal host).\n\nNote: an additional trigger exists \u2014 sending a malformed `snssai` parameter  also bypasses validation due to a missing return after the deserialization  error handler, producing the same information disclosure.\n\n### Patch\n\nThe vulnerability has been confirmed patched by adding the two missing `return` statements in `NFs/udr/internal/sbi/api_datarepository.go`, function `HandleApplicationDataInfluenceDataSubsToNotifyGet`:\n\n1. After the `c.JSON(http.StatusBadRequest, problemDetails)` call in the `snssai` deserialization error branch.\n2. After the `c.JSON(http.StatusBadRequest, problemDetails)` call in the empty parameters validation block.\n\nWith the patch applied, a request without any query parameters now correctly returns HTTP 400 with only the error message, and no subscriber data is included in the response body.\n\nThe fix has been verified: after applying the patch and recompiling the UDR, the endpoint `GET /nudr-dr/v2/application-data/influenceData/subs-to-notify` returns HTTP 400 with only:\n```\n{\"status\":400,\"detail\":\"At least one of DNNs, S-NSSAIs, Internal Group IDs \nor SUPIs shall be provided\"}\n```\nNo SUPI or subscription data is leaked.",
  "id": "GHSA-wrwh-rpq4-87hf",
  "modified": "2026-04-16T21:57:35Z",
  "published": "2026-04-14T20:00:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40245"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/free5gc/udr"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication"
}

GHSA-WV49-QGP8-WCJG

Vulnerability from github – Published: 2025-04-02 03:31 – Updated: 2025-04-02 03:31
VLAI
Details

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-02T01:15:37Z",
    "severity": "HIGH"
  },
  "details": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.",
  "id": "GHSA-wv49-qgp8-wcjg",
  "modified": "2025-04-02T03:31:42Z",
  "published": "2025-04-02T03:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29981"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WWWJ-3JGF-XR9Q

Vulnerability from github – Published: 2024-03-13 00:31 – Updated: 2026-04-08 21:32
VLAI
Details

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-202"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-12T23:15:46Z",
    "severity": "HIGH"
  },
  "details": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the \u0027get_posts\u0027 REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.",
  "id": "GHSA-wwwj-3jgf-xr9q",
  "modified": "2026-04-08T21:32:19Z",
  "published": "2024-03-13T00:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7072"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

This is a complex topic. See the [REF-1492] for a good discussion of best practices.

No CAPEC attack patterns related to this CWE.