CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-4MRG-R3F5-VHVF
Vulnerability from github – Published: 2024-11-28 18:38 – Updated: 2024-11-28 18:38The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.
{
"affected": [],
"aliases": [
"CVE-2024-22037"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-28T10:15:06Z",
"severity": "MODERATE"
},
"details": "The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.",
"id": "GHSA-4mrg-r3f5-vhvf",
"modified": "2024-11-28T18:38:36Z",
"published": "2024-11-28T18:38:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22037"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22037"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4P64-JP2F-4R7G
Vulnerability from github – Published: 2025-03-25 06:30 – Updated: 2025-03-25 06:30An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.
{
"affected": [],
"aliases": [
"CVE-2024-8313"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T05:15:40Z",
"severity": "HIGH"
},
"details": "An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B\u0026R APROL \u003c4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.",
"id": "GHSA-4p64-jp2f-4r7g",
"modified": "2025-03-25T06:30:26Z",
"published": "2025-03-25T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8313"
},
{
"type": "WEB",
"url": "https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4PCP-H2JW-CP6P
Vulnerability from github – Published: 2025-03-10 18:31 – Updated: 2025-03-10 18:31IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.
{
"affected": [],
"aliases": [
"CVE-2024-52905"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T16:15:12Z",
"severity": "LOW"
},
"details": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.",
"id": "GHSA-4pcp-h2jw-cp6p",
"modified": "2025-03-10T18:31:56Z",
"published": "2025-03-10T18:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52905"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7185264"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4PMC-X99V-23P3
Vulnerability from github – Published: 2026-02-03 15:30 – Updated: 2026-02-03 18:30Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7.
{
"affected": [],
"aliases": [
"CVE-2026-25023"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-03T15:16:20Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through \u003c= 2.0.7.",
"id": "GHSA-4pmc-x99v-23p3",
"modified": "2026-02-03T18:30:43Z",
"published": "2026-02-03T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25023"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/contest-code-checker/vulnerability/wordpress-run-contests-raffles-and-giveaways-with-contestswp-plugin-2-0-7-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4QR9-WQJ5-M42W
Vulnerability from github – Published: 2025-05-16 18:31 – Updated: 2026-04-01 18:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15.
{
"affected": [],
"aliases": [
"CVE-2025-32299"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T16:15:39Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15.",
"id": "GHSA-4qr9-wqj5-m42w",
"modified": "2026-04-01T18:35:06Z",
"published": "2025-05-16T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32299"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/quickcal/vulnerability/wordpress-quickcal-1-0-15-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4RGR-WMHW-58FG
Vulnerability from github – Published: 2026-06-04 12:30 – Updated: 2026-06-04 12:30Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data.
This issue affects WP eMember: from n/a through v10.2.2.
{
"affected": [],
"aliases": [
"CVE-2026-49077"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T11:16:27Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data.\n\nThis issue affects WP eMember: from n/a through v10.2.2.",
"id": "GHSA-4rgr-wmhw-58fg",
"modified": "2026-06-04T12:30:25Z",
"published": "2026-06-04T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49077"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-2-2-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-526W-GQ45-2F4F
Vulnerability from github – Published: 2025-12-16 09:31 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.2.1.
{
"affected": [],
"aliases": [
"CVE-2025-67948"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-16T09:15:59Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through \u003c= 2.2.1.",
"id": "GHSA-526w-gq45-2f4f",
"modified": "2026-01-20T15:32:16Z",
"published": "2025-12-16T09:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67948"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/sendpulse-email-marketing-newsletter/vulnerability/wordpress-sendpulse-email-marketing-newsletter-plugin-2-2-1-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/sendpulse-email-marketing-newsletter/vulnerability/wordpress-sendpulse-email-marketing-newsletter-plugin-2-2-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-52FM-9HXJ-XFR5
Vulnerability from github – Published: 2026-07-13 12:35 – Updated: 2026-07-13 12:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through <= 3.0.1.
{
"affected": [],
"aliases": [
"CVE-2026-61975"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T10:16:47Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through \u003c= 3.0.1.",
"id": "GHSA-52fm-9hxj-xfr5",
"modified": "2026-07-13T12:35:06Z",
"published": "2026-07-13T12:35:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-61975"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/jet-reviews/vulnerability/wordpress-jetreviews-plugin-3-0-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-53Q7-4874-24QG
Vulnerability from github – Published: 2024-07-05 20:40 – Updated: 2024-07-05 20:40SERVER_SIDE_FIDES_API_URL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port.
This vulnerability allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL.
Impact
Disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names.
Patches
The vulnerability has been patched in Fides version 2.39.2. Users are advised to upgrade to this version or later to secure their systems against this threat.
Workarounds
There are no workarounds.
Proof of Concept
-
Set the value of the environment variable
FIDES_PRIVACY_CENTER__SERVER_SIDE_FIDES_API_URLof your Fides Privacy Center container before start-up to a private value such ashttps://some.private.domain.name/api/v1and start the Privacy Center application. -
Once the application is up, perform a HTTP GET request of the Privacy Center's main page e.g.
https://privacy.example.com. The value ofSERVER_SIDE_FIDES_API_URLis returned in the response's body.
~ ❯ curl -s https://privacy.example.com/ | \
grep '__NEXT_DATA__' | \
sed 's/.*<script id="__NEXT_DATA__" type="application\/json">//;s/<\/script>.*//' | \
jq '.props.serverEnvironment.settings.SERVER_SIDE_FIDES_API_URL'
"https://some.private.domain.name/api/v1"
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ethyca-fides"
},
"ranges": [
{
"events": [
{
"introduced": "2.19.0"
},
{
"fixed": "2.39.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-31223"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-05T20:40:06Z",
"nvd_published_at": "2024-07-03T18:15:05Z",
"severity": "MODERATE"
},
"details": "`SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port.\n\nThis vulnerability allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL.\n\n### Impact\n\nDisclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names.\n\n### Patches\nThe vulnerability has been patched in Fides version `2.39.2`. Users are advised to upgrade to this version or later to secure their systems against this threat.\n\n### Workarounds\nThere are no workarounds.\n\n### Proof of Concept\n\n1. Set the value of the environment variable `FIDES_PRIVACY_CENTER__SERVER_SIDE_FIDES_API_URL` of your Fides Privacy Center container before start-up to a private value such as `https://some.private.domain.name/api/v1` and start the Privacy Center application.\n\n2. Once the application is up, perform a HTTP GET request of the Privacy Center\u0027s main page e.g. `https://privacy.example.com` . The value of `SERVER_SIDE_FIDES_API_URL` is returned in the response\u0027s body.\n\n\n```\n~ \u276f curl -s https://privacy.example.com/ | \\\ngrep \u0027__NEXT_DATA__\u0027 | \\\nsed \u0027s/.*\u003cscript id=\"__NEXT_DATA__\" type=\"application\\/json\"\u003e//;s/\u003c\\/script\u003e.*//\u0027 | \\\njq \u0027.props.serverEnvironment.settings.SERVER_SIDE_FIDES_API_URL\u0027\n\"https://some.private.domain.name/api/v1\"\n```",
"id": "GHSA-53q7-4874-24qg",
"modified": "2024-07-05T20:40:06Z",
"published": "2024-07-05T20:40:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31223"
},
{
"type": "WEB",
"url": "https://github.com/ethyca/fides/commit/0555080541f18a5aacff452c590ac9a1b56d7097"
},
{
"type": "WEB",
"url": "https://github.com/ethyca/fides/commit/cd510216b281de5443ec1c126add95cc5be0970a"
},
{
"type": "PACKAGE",
"url": "https://github.com/ethyca/fides"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL"
}
GHSA-53R4-MVJ6-W855
Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.
{
"affected": [],
"aliases": [
"CVE-2026-44749"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T18:16:51Z",
"severity": "MODERATE"
},
"details": "The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.",
"id": "GHSA-53r4-mvj6-w855",
"modified": "2026-05-26T18:31:50Z",
"published": "2026-05-26T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44749"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3433366"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.