CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-3QHF-G8C6-MHPH
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
{
"affected": [],
"aliases": [
"CVE-2025-63013"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:18:06Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through \u003c= 2.2.7.",
"id": "GHSA-3qhf-g8c6-mhph",
"modified": "2026-01-20T15:32:03Z",
"published": "2025-12-09T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63013"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-hotel-booking/vulnerability/wordpress-wp-hotel-booking-plugin-2-2-7-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-hotel-booking/vulnerability/wordpress-wp-hotel-booking-plugin-2-2-7-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3RVX-H374-MGC3
Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-26 15:32Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.
{
"affected": [],
"aliases": [
"CVE-2026-57316"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T15:16:48Z",
"severity": "MODERATE"
},
"details": "Subscriber Sensitive Data Exposure in GetGenie \u003c= 4.4.2 versions.",
"id": "GHSA-3rvx-h374-mgc3",
"modified": "2026-06-26T15:32:17Z",
"published": "2026-06-26T15:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57316"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/getgenie/vulnerability/wordpress-getgenie-plugin-4-4-2-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3V3Q-FQ2W-23R5
Vulnerability from github – Published: 2025-10-23 06:30 – Updated: 2025-10-23 06:31Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices.
This issue affects Command Centre Server:
9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
{
"affected": [],
"aliases": [
"CVE-2025-47699"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-23T04:16:40Z",
"severity": "CRITICAL"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. \n\nThis issue affects Command Centre Server:\n\n9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.",
"id": "GHSA-3v3q-fq2w-23r5",
"modified": "2025-10-23T06:31:00Z",
"published": "2025-10-23T06:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47699"
},
{
"type": "WEB",
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47699"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3XQP-RGW8-GM7M
Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5.
{
"affected": [],
"aliases": [
"CVE-2025-67621"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:18Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through \u003c= 1.2.5.",
"id": "GHSA-3xqp-rgw8-gm7m",
"modified": "2026-01-20T15:32:33Z",
"published": "2025-12-24T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67621"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/eight-day-week-print-workflow/vulnerability/wordpress-eight-day-week-print-workflow-plugin-1-2-5-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/eight-day-week-print-workflow/vulnerability/wordpress-eight-day-week-print-workflow-plugin-1-2-5-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4334-98HJ-RQ43
Vulnerability from github – Published: 2024-12-30 12:30 – Updated: 2024-12-30 12:30Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.
{
"affected": [],
"aliases": [
"CVE-2024-12993"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-30T11:15:06Z",
"severity": "MODERATE"
},
"details": "Infinix devices contain a pre-loaded \"com.rlk.weathers\" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user\u2019s location without any privileges.\u00a0\nAfter multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.",
"id": "GHSA-4334-98hj-rq43",
"modified": "2024-12-30T12:30:32Z",
"published": "2024-12-30T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12993"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-12993"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/12/CVE-2024-12993"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-439W-VQFW-R935
Vulnerability from github – Published: 2025-09-26 09:31 – Updated: 2026-04-01 18:36Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10.
{
"affected": [],
"aliases": [
"CVE-2025-60119"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-26T09:15:38Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10.",
"id": "GHSA-439w-vqfw-r935",
"modified": "2026-04-01T18:36:21Z",
"published": "2025-09-26T09:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60119"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/coschedule-by-todaymade/vulnerability/wordpress-coschedule-plugin-3-3-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4425-VVCM-JQXW
Vulnerability from github – Published: 2026-05-07 09:31 – Updated: 2026-05-07 09:31Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.
This issue affects Happy Addons for Elementor: from n/a through 3.20.8.
{
"affected": [],
"aliases": [
"CVE-2026-25468"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T09:16:27Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Happy Addons for Elementor: from n/a through 3.20.8.",
"id": "GHSA-4425-vvcm-jqxw",
"modified": "2026-05-07T09:31:27Z",
"published": "2026-05-07T09:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25468"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/happy-elementor-addons/vulnerability/wordpress-happy-addons-for-elementor-plugin-3-20-8-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-44F7-5FJ5-H4PX
Vulnerability from github – Published: 2025-03-11 15:27 – Updated: 2025-03-14 20:00Impact
In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify’s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry.
Patches
The Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference.
Credits
The ratify project would like to thank Shiwei Zhang (@shizhMSFT) and Binbin Li (@binbin-li) for responsibly disclosing the issue and thank Binbin Li (@binbin-li) and Akash Singhal (@akashsinghal) for actively mitigating the issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ratify-project/ratify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/ratify-project/ratify"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/deislabs/ratify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27403"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-11T15:27:16Z",
"nvd_published_at": "2025-03-11T15:15:45Z",
"severity": "HIGH"
},
"details": "### Impact\n\nIn a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted.\nBoth Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify\u2019s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry.\n\n### Patches\n\nThe Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference.\n\n### Credits\n\nThe `ratify` project would like to thank Shiwei Zhang (@shizhMSFT) and Binbin Li (@binbin-li) for responsibly disclosing the issue and thank Binbin Li (@binbin-li) and Akash Singhal (@akashsinghal) for actively mitigating the issue.",
"id": "GHSA-44f7-5fj5-h4px",
"modified": "2025-03-14T20:00:47Z",
"published": "2025-03-11T15:27:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27403"
},
{
"type": "WEB",
"url": "https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f"
},
{
"type": "WEB",
"url": "https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c"
},
{
"type": "PACKAGE",
"url": "https://github.com/ratify-project/ratify"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3511"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries"
}
GHSA-44R9-XQHR-R952
Vulnerability from github – Published: 2025-12-30 12:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.
{
"affected": [],
"aliases": [
"CVE-2025-68988"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-30T11:15:57Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through \u003c= 1.1.0.",
"id": "GHSA-44r9-xqhr-r952",
"modified": "2026-01-20T15:32:43Z",
"published": "2025-12-30T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68988"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/einvoiceapp-malaysia/vulnerability/wordpress-e-invoice-app-malaysia-plugin-1-1-0-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/einvoiceapp-malaysia/vulnerability/wordpress-e-invoice-app-malaysia-plugin-1-1-0-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-45JV-8HVX-M25C
Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-13 18:30Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
{
"affected": [],
"aliases": [
"CVE-2026-39571"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T09:16:28Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through \u003c= 3.3.30.",
"id": "GHSA-45jv-8hvx-m25c",
"modified": "2026-04-13T18:30:38Z",
"published": "2026-04-08T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39571"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/instantio/vulnerability/wordpress-instantio-plugin-3-3-30-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.