CWE-202
AllowedExposure of Sensitive Information Through Data Queries
Abstraction: Base · Status: Draft
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
59 vulnerabilities reference this CWE, most recent first.
GHSA-JF66-V4FG-QPQX
Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-10 18:31Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.
{
"affected": [],
"aliases": [
"CVE-2024-13255"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T19:15:19Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.",
"id": "GHSA-jf66-v4fg-qpqx",
"modified": "2025-01-10T18:31:39Z",
"published": "2025-01-09T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13255"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2024-019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JWPJ-M256-82WG
Vulnerability from github – Published: 2024-10-23 18:33 – Updated: 2024-10-23 18:33A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.
This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.
{
"affected": [],
"aliases": [
"CVE-2024-20388"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-23T18:15:07Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device.\n\n This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.",
"id": "GHSA-jwpj-m256-82wg",
"modified": "2024-10-23T18:33:09Z",
"published": "2024-10-23T18:33:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20388"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R5CQ-F6P7-HPQ4
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.
{
"affected": [],
"aliases": [
"CVE-2021-1372"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-17T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.",
"id": "GHSA-r5cq-f6p7-hpq4",
"modified": "2022-05-24T17:42:31Z",
"published": "2022-05-24T17:42:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1372"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wda-pt-msh-6LWOcZ5"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V64R-7WG9-23PR
Vulnerability from github – Published: 2026-01-05 18:49 – Updated: 2026-01-09 03:11Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure.
Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.
References:
https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
Affected Endpoints
POST /admin/actions/updater/backup(unauthenticated)
Vulnerability Details
Root Cause
All updater/* actions are explicitly configured with anonymous access:
// BaseUpdaterController.php
protected array|bool|int $allowAnonymous = self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE;
Attack Vector
- Send unauthenticated POST request to
/admin/actions/updater/backup - Database backup executes with configured
backupCommand
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.8.20"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-RC1"
},
{
"fixed": "5.8.21"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.16.16"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "4.16.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68456"
],
"database_specific": {
"cwe_ids": [
"CWE-202",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-05T18:49:56Z",
"nvd_published_at": "2026-01-05T22:15:52Z",
"severity": "HIGH"
},
"details": "Unauthenticated users can trigger database backup operations the `updater/backup` action, potentially leading to resource exhaustion or information disclosure.\n\nUsers should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.\n\nCraft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.\n\nReferences:\n\nhttps://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39\n\nhttps://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04\n\n## Affected Endpoints\n\n- `POST /admin/actions/updater/backup` (unauthenticated)\n\n## Vulnerability Details\n\n### Root Cause\nAll `updater/*` actions are explicitly configured with anonymous access:\n\n```php\n// BaseUpdaterController.php \nprotected array|bool|int $allowAnonymous = self::ALLOW_ANONYMOUS_LIVE | self::ALLOW_ANONYMOUS_OFFLINE;\n```\n\n### Attack Vector\n1. Send unauthenticated POST request to `/admin/actions/updater/backup`\n2. Database backup executes with configured `backupCommand`",
"id": "GHSA-v64r-7wg9-23pr",
"modified": "2026-01-09T03:11:23Z",
"published": "2026-01-05T18:49:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68456"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/cms"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Unauthenticated Craft CMS users can trigger a database backup"
}
GHSA-VCWX-63WP-CQR7
Vulnerability from github – Published: 2024-07-30 06:30 – Updated: 2024-08-01 15:32The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.
{
"affected": [],
"aliases": [
"CVE-2024-1287"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T06:15:02Z",
"severity": "MODERATE"
},
"details": "The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users\u0027 sensitive information, including password hashes.",
"id": "GHSA-vcwx-63wp-cqr7",
"modified": "2024-08-01T15:32:14Z",
"published": "2024-07-30T06:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1287"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VR35-JM2F-8WG2
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-06-30 17:19Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.
This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.
Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.syncope.core:syncope-core-provisioning-api"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0-M0"
},
{
"last_affected": "3.0.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.syncope.core:syncope-core-provisioning-api"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0-M0"
},
{
"fixed": "4.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.syncope.core:syncope-core-provisioning-api"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0-M0"
},
{
"fixed": "4.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42797"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T17:19:28Z",
"nvd_published_at": "2026-05-25T16:16:20Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.\n\nAn administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.\n\nThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\n\nUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition.",
"id": "GHSA-vr35-jm2f-8wg2",
"modified": "2026-06-30T17:19:28Z",
"published": "2026-05-26T13:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42797"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/syncope"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/5y7d277sntyytrmxnx2tfjr9ftcpq1s6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/25/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries"
}
GHSA-WRWH-RPQ4-87HF
Vulnerability from github – Published: 2026-04-14 20:00 – Updated: 2026-04-16 21:57Summary
An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to retrieve stored subscriber identifiers (SUPI/IMSI) with a single HTTP GET request requiring no parameters or credentials.
Details
The endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify (defined in 3GPP TS 29.519) requires at least one query parameter (dnns, snssais, supis, or internalGroupIds) to filter results.
In the free5GC UDR implementation, the input validation is present but ineffective because the handler does not return after sending the HTTP 400 error. The request handling flow is:
- The function
HandleApplicationDataInfluenceDataSubsToNotifyGetin./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/api_datarepository.go(around line 2793) checks whether all ofdnn,snssai,internalGroupId, andsupiare empty. - If they are all empty, it builds a
problemDetailsstructure and callsc.JSON(http.StatusBadRequest, problemDetails)to send a 400 response, but it does not return afterwards. - Execution continues and the handler still calls
s.Processor().ApplicationDataInfluenceDataSubsToNotifyGetProcedure(c, dnn,snssai, internalGroupId, supi)defined in./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/processor/influence_data_subscriptions_collection.go. - This processor function queries the data repository and writes the full list of Traffic Influence Subscriptions to the HTTP response body, including
supisfields with SUPI/IMSI values.
As a result, a request without any query parameters produces a response where the HTTP status is 400 Bad Request, but the body contains both the error object and the full subscription list.
The missing return after sending the 400 response in api_datarepository.go is the root cause of this vulnerability.
PoC
No authentication, no prior knowledge of any subscriber identifier required.
curl -v "http://<udr-host>/nudr-dr/v2/application-data/influenceData/subs-to-notify"
Response (HTTP 400):
{"status":400,"detail":"At least one of DNNs, S-NSSAIs, Internal Group IDs or SUPIs shall be provided"}
[{"dnns":["internet"],
"snssais":[{"sst":1,"sd":"000001"}],
"supis":["imsi-222777483957498"],
"notificationUri":"http://pcf.../npcf-callback/v1/nudr-notify/influence-data/imsi-222777483957498/1"}]
Impact
This is an unauthenticated information disclosure vulnerability. Any attacker with network access to the SBI (Service Based Interface) can enumerate SUPIs (Subscriber Permanent Identifiers / IMSI values) of registered users without any credentials or prior knowledge.
In a 5G network, the SUPI is the most sensitive subscriber identifier — its exposure breaks the privacy guarantees introduced by 3GPP with the SUCI (Subscription Concealed Identifier) mechanism, designed specifically to prevent SUPI tracking over the air. This vulnerability completely undermines that protection at the core network level.
Impacted deployments: any free5GC instance where the SBI is reachable by untrusted parties (e.g., misconfigured network segmentation, rogue NF, or compromised internal host).
Note: an additional trigger exists — sending a malformed snssai parameter also bypasses validation due to a missing return after the deserialization error handler, producing the same information disclosure.
Patch
The vulnerability has been confirmed patched by adding the two missing return statements in NFs/udr/internal/sbi/api_datarepository.go, function HandleApplicationDataInfluenceDataSubsToNotifyGet:
- After the
c.JSON(http.StatusBadRequest, problemDetails)call in thesnssaideserialization error branch. - After the
c.JSON(http.StatusBadRequest, problemDetails)call in the empty parameters validation block.
With the patch applied, a request without any query parameters now correctly returns HTTP 400 with only the error message, and no subscriber data is included in the response body.
The fix has been verified: after applying the patch and recompiling the UDR, the endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify returns HTTP 400 with only:
{"status":400,"detail":"At least one of DNNs, S-NSSAIs, Internal Group IDs
or SUPIs shall be provided"}
No SUPI or subscription data is leaked.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/udr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40245"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-202",
"CWE-209"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T20:00:15Z",
"nvd_published_at": "2026-04-16T00:16:29Z",
"severity": "HIGH"
},
"details": "### Summary\nAn information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface (SBI) to retrieve stored subscriber identifiers (SUPI/IMSI) with a single HTTP GET request requiring no parameters or credentials.\n\n### Details\nThe endpoint `GET /nudr-dr/v2/application-data/influenceData/subs-to-notify` (defined in 3GPP TS 29.519) requires at least one query parameter (`dnns`, `snssais`, `supis`, or `internalGroupIds`) to filter results.\n\nIn the free5GC UDR implementation, the input validation is present but ineffective because the handler does not return after sending the HTTP 400 error. The request handling flow is:\n\n1. The function `HandleApplicationDataInfluenceDataSubsToNotifyGet` in `./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/api_datarepository.go` (around line 2793) checks whether all of `dnn`, `snssai`, `internalGroupId`, \n and `supi` are empty.\n2. If they are all empty, it builds a `problemDetails` structure and calls `c.JSON(http.StatusBadRequest, problemDetails)` to send a 400 response, **but it does not return afterwards**.\n3. Execution continues and the handler still calls `s.Processor().ApplicationDataInfluenceDataSubsToNotifyGetProcedure(c, dnn,snssai, internalGroupId, supi)` defined in `./free5gc_4-2-1/free5gc/NFs/udr/internal/sbi/processor/influence_data_subscriptions_collection.go`.\n4. This processor function queries the data repository and writes the full list of Traffic Influence Subscriptions to the HTTP response body, including `supis` fields with SUPI/IMSI values.\n\nAs a result, a request without any query parameters produces a response where the HTTP status is 400 Bad Request, but the body contains both the error object and the full subscription list.\n\nThe missing `return` after sending the 400 response in `api_datarepository.go` is the root cause of this vulnerability.\n\n### PoC\nNo authentication, no prior knowledge of any subscriber identifier required.\n\n```bash\ncurl -v \"http://\u003cudr-host\u003e/nudr-dr/v2/application-data/influenceData/subs-to-notify\"\n```\nResponse (HTTP 400):\n```json\n{\"status\":400,\"detail\":\"At least one of DNNs, S-NSSAIs, Internal Group IDs or SUPIs shall be provided\"}\n[{\"dnns\":[\"internet\"],\n \"snssais\":[{\"sst\":1,\"sd\":\"000001\"}],\n \"supis\":[\"imsi-222777483957498\"],\n \"notificationUri\":\"http://pcf.../npcf-callback/v1/nudr-notify/influence-data/imsi-222777483957498/1\"}]\n```\n\n### Impact\nThis is an unauthenticated information disclosure vulnerability. Any attacker with network access to the SBI (Service Based Interface) can enumerate SUPIs (Subscriber Permanent Identifiers / IMSI values) of registered users without any credentials or prior knowledge.\n\nIn a 5G network, the SUPI is the most sensitive subscriber identifier \u2014 its exposure breaks the privacy guarantees introduced by 3GPP with the SUCI (Subscription Concealed Identifier) mechanism, designed specifically to prevent SUPI tracking over the air. This vulnerability completely undermines that protection at the core network level.\n\nImpacted deployments: any free5GC instance where the SBI is reachable by untrusted parties (e.g., misconfigured network segmentation, rogue NF, or compromised internal host).\n\nNote: an additional trigger exists \u2014 sending a malformed `snssai` parameter also bypasses validation due to a missing return after the deserialization error handler, producing the same information disclosure.\n\n### Patch\n\nThe vulnerability has been confirmed patched by adding the two missing `return` statements in `NFs/udr/internal/sbi/api_datarepository.go`, function `HandleApplicationDataInfluenceDataSubsToNotifyGet`:\n\n1. After the `c.JSON(http.StatusBadRequest, problemDetails)` call in the `snssai` deserialization error branch.\n2. After the `c.JSON(http.StatusBadRequest, problemDetails)` call in the empty parameters validation block.\n\nWith the patch applied, a request without any query parameters now correctly returns HTTP 400 with only the error message, and no subscriber data is included in the response body.\n\nThe fix has been verified: after applying the patch and recompiling the UDR, the endpoint `GET /nudr-dr/v2/application-data/influenceData/subs-to-notify` returns HTTP 400 with only:\n```\n{\"status\":400,\"detail\":\"At least one of DNNs, S-NSSAIs, Internal Group IDs \nor SUPIs shall be provided\"}\n```\nNo SUPI or subscription data is leaked.",
"id": "GHSA-wrwh-rpq4-87hf",
"modified": "2026-04-16T21:57:35Z",
"published": "2026-04-14T20:00:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40245"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/udr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication"
}
GHSA-WV49-QGP8-WCJG
Vulnerability from github – Published: 2025-04-02 03:31 – Updated: 2025-04-02 03:31Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-29981"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T01:15:37Z",
"severity": "HIGH"
},
"details": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.",
"id": "GHSA-wv49-qgp8-wcjg",
"modified": "2025-04-02T03:31:42Z",
"published": "2025-04-02T03:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29981"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WWWJ-3JGF-XR9Q
Vulnerability from github – Published: 2024-03-13 00:31 – Updated: 2026-04-08 21:32The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.
{
"affected": [],
"aliases": [
"CVE-2023-7072"
],
"database_specific": {
"cwe_ids": [
"CWE-202"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T23:15:46Z",
"severity": "HIGH"
},
"details": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the \u0027get_posts\u0027 REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.",
"id": "GHSA-wwwj-3jgf-xr9q",
"modified": "2026-04-08T21:32:19Z",
"published": "2024-03-13T00:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7072"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.68/src/functions-rest.php#L1670"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/post-grid/tags/2.2.69/includes/blocks/functions-rest.php#L1670"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
This is a complex topic. See the [REF-1492] for a good discussion of best practices.
No CAPEC attack patterns related to this CWE.