CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-45Q7-XHFM-XQJP
Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-01-15 15:31A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
{
"affected": [],
"aliases": [
"CVE-2024-11029"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-15T13:15:08Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.",
"id": "GHSA-45q7-xhfm-xqjp",
"modified": "2025-01-15T15:31:24Z",
"published": "2025-01-15T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11029"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:0334"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-11029"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325557"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-48Q3-PRGV-GM4W
Vulnerability from github – Published: 2025-07-10 16:50 – Updated: 2025-07-10 19:22Impact
The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface.
Patches
The issue has been addressed by requiring the master key for schema introspection. Additionally, a new Parse Server configuration option, graphQLPublicIntrospection, has been introduced. This option allows developers to re-enable public schema introspection if their application relies on it. However, it is strongly recommended to use this option only temporarily and to update the application to function without depending on public introspection.
Workarounds
None available.
References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-48q3-prgv-gm4w
- Fix for Parse Server 7: https://github.com/parse-community/parse-server/pull/9820
- Fix for Parse Server 8: https://github.com/parse-community/parse-server/pull/9819
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "7.5.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53364"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-10T16:50:36Z",
"nvd_published_at": "2025-07-10T16:15:24Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface.\n\n### Patches\n\nThe issue has been addressed by requiring the master key for schema introspection. Additionally, a new Parse Server configuration option, `graphQLPublicIntrospection`, has been introduced. This option allows developers to re-enable public schema introspection if their application relies on it. However, it is strongly recommended to use this option only temporarily and to update the application to function without depending on public introspection.\n\n### Workarounds\n\nNone available.\n\n### References\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-48q3-prgv-gm4w\n- Fix for Parse Server 7: https://github.com/parse-community/parse-server/pull/9820\n- Fix for Parse Server 8: https://github.com/parse-community/parse-server/pull/9819",
"id": "GHSA-48q3-prgv-gm4w",
"modified": "2025-07-10T19:22:40Z",
"published": "2025-07-10T16:50:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-48q3-prgv-gm4w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53364"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/9819"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/9820"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Parse Server exposes the data schema via GraphQL API"
}
GHSA-48WM-29G7-W3QW
Vulnerability from github – Published: 2025-08-19 21:30 – Updated: 2025-08-19 21:30IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.
{
"affected": [],
"aliases": [
"CVE-2025-2988"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T20:15:30Z",
"severity": "LOW"
},
"details": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.",
"id": "GHSA-48wm-29g7-w3qw",
"modified": "2025-08-19T21:30:37Z",
"published": "2025-08-19T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2988"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7242391"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4CQQ-M3QG-HQ7M
Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-13 18:30Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
{
"affected": [],
"aliases": [
"CVE-2026-39536"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T09:16:26Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through \u003c= 2.7.16.",
"id": "GHSA-4cqq-m3qg-hq7m",
"modified": "2026-04-13T18:30:38Z",
"published": "2026-04-08T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39536"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/rsvp/vulnerability/wordpress-rsvp-and-event-management-plugin-2-7-16-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4F42-626F-CQM7
Vulnerability from github – Published: 2025-12-12 21:31 – Updated: 2025-12-16 00:30A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
{
"affected": [],
"aliases": [
"CVE-2025-43406"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-12T21:15:54Z",
"severity": "MODERATE"
},
"details": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.",
"id": "GHSA-4f42-626f-cqm7",
"modified": "2025-12-16T00:30:28Z",
"published": "2025-12-12T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43406"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125634"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4F69-VPC6-QRX2
Vulnerability from github – Published: 2024-07-03 18:47 – Updated: 2024-07-03 18:47Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
{
"affected": [],
"aliases": [
"CVE-2024-5735"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-28T12:15:10Z",
"severity": "MODERATE"
},
"details": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u00a0This issue affects AdmirorFrames: before 5.0.",
"id": "GHSA-4f69-vpc6-qrx2",
"modified": "2024-07-03T18:47:18Z",
"published": "2024-07-03T18:47:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5735"
},
{
"type": "WEB",
"url": "https://github.com/vasiljevski/admirorframes/issues/3"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/06/CVE-2024-5735"
},
{
"type": "WEB",
"url": "https://github.com/afine-com/CVE-2024-5735"
},
{
"type": "WEB",
"url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Green",
"type": "CVSS_V4"
}
]
}
GHSA-4GRG-84CR-6C2H
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2025-10-22 00:32Windows Kernel Information Disclosure Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-31955"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-08T23:15:00Z",
"severity": "MODERATE"
},
"details": "Windows Kernel Information Disclosure Vulnerability",
"id": "GHSA-4grg-84cr-6c2h",
"modified": "2025-10-22T00:32:13Z",
"published": "2022-05-24T19:04:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31955"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31955"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4GV4-7PHC-2JW7
Vulnerability from github – Published: 2022-12-08 21:30 – Updated: 2022-12-12 15:30Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch.
{
"affected": [],
"aliases": [
"CVE-2022-4366"
],
"database_specific": {
"cwe_ids": [
"CWE-497",
"CWE-668",
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-08T19:15:00Z",
"severity": "HIGH"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitHub repository lirantal/daloradius prior to master branch.",
"id": "GHSA-4gv4-7phc-2jw7",
"modified": "2022-12-12T15:30:30Z",
"published": "2022-12-08T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4366"
},
{
"type": "WEB",
"url": "https://github.com/lirantal/daloradius/commit/3d11f375a76ddb3741200296e15f81d82dfb80ce"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/f225d69a-d971-410d-a8f9-b0026143aed8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4H55-M33H-988R
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.
{
"affected": [],
"aliases": [
"CVE-2021-1235"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T21:15:00Z",
"severity": "MODERATE"
},
"details": "\n A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system.\n The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.\n ",
"id": "GHSA-4h55-m33h-988r",
"modified": "2022-05-24T17:39:37Z",
"published": "2022-05-24T17:39:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1235"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4HPQ-5JRV-896M
Vulnerability from github – Published: 2024-12-09 15:31 – Updated: 2026-04-01 18:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.
{
"affected": [],
"aliases": [
"CVE-2024-53814"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-09T14:15:12Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.",
"id": "GHSA-4hpq-5jrv-896m",
"modified": "2026-04-01T18:32:42Z",
"published": "2024-12-09T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53814"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-4-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.