CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-53WM-FW97-Q62H
Vulnerability from github – Published: 2026-04-22 21:32 – Updated: 2026-04-24 21:31Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value rendered in the HTML response, which enables exploitation of path-dependent vulnerabilities such as relative path traversal in connector.php.
{
"affected": [],
"aliases": [
"CVE-2026-41459"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T19:17:08Z",
"severity": "MODERATE"
},
"details": "Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value rendered in the HTML response, which enables exploitation of path-dependent vulnerabilities such as relative path traversal in connector.php.",
"id": "GHSA-53wm-fw97-q62h",
"modified": "2026-04-24T21:31:59Z",
"published": "2026-04-22T21:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41459"
},
{
"type": "WEB",
"url": "https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527"
},
{
"type": "WEB",
"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/f063e942b4a9bf77a06829e844c2c70316bc45e8"
},
{
"type": "WEB",
"url": "https://github.com/bootstrapbool/xerteonlinetoolkits-rce"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/xerte-online-toolkits-path-disclosure-via-setup"
},
{
"type": "WEB",
"url": "https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits"
},
{
"type": "WEB",
"url": "https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-54M6-4VF2-299G
Vulnerability from github – Published: 2025-04-01 15:31 – Updated: 2026-04-01 18:34Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through 1.16.0.
{
"affected": [],
"aliases": [
"CVE-2025-31832"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-01T15:16:23Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector allows Retrieve Embedded Sensitive Data. This issue affects ACF City Selector: from n/a through 1.16.0.",
"id": "GHSA-54m6-4vf2-299g",
"modified": "2026-04-01T18:34:21Z",
"published": "2025-04-01T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31832"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/acf-city-selector/vulnerability/wordpress-acf-city-selector-plugin-1-16-0-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-55HH-327M-68HJ
Vulnerability from github – Published: 2025-06-10 00:30 – Updated: 2025-06-10 00:30In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
{
"affected": [],
"aliases": [
"CVE-2025-0036"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T00:15:21Z",
"severity": "LOW"
},
"details": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.",
"id": "GHSA-55hh-327m-68hj",
"modified": "2025-06-10T00:30:30Z",
"published": "2025-06-10T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0036"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-56W4-5538-8V8H
Vulnerability from github – Published: 2024-12-03 18:44 – Updated: 2024-12-03 18:44Impact
The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected.
Patches
Synapse version 1.120.1 fixes the problem.
Workarounds
Disable Sliding Sync.
References
https://github.com/matrix-org/matrix-spec-proposals/pull/4186 https://github.com/element-hq/synapse/blob/d80cd57c54427687afcb48740d99219c88a0fff1/synapse/config/experimental.py#L341-L344
For more information
If you have any questions or comments about this advisory, please email us at security at element.io.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "matrix-synapse"
},
"ranges": [
{
"events": [
{
"introduced": "1.113.0rc1"
},
{
"fixed": "1.120.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-53867"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-03T18:44:23Z",
"nvd_published_at": "2024-12-03T17:15:12Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected.\n\n### Patches\nSynapse version 1.120.1 fixes the problem.\n\n### Workarounds\nDisable Sliding Sync.\n\n### References\nhttps://github.com/matrix-org/matrix-spec-proposals/pull/4186\nhttps://github.com/element-hq/synapse/blob/d80cd57c54427687afcb48740d99219c88a0fff1/synapse/config/experimental.py#L341-L344\n\n### For more information\n\nIf you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).\n",
"id": "GHSA-56w4-5538-8v8h",
"modified": "2024-12-03T18:44:23Z",
"published": "2024-12-03T18:44:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53867"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/matrix-spec-proposals/pull/4186"
},
{
"type": "PACKAGE",
"url": "https://github.com/element-hq/synapse"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Synapse Matrix has a partial room state leak via Sliding Sync"
}
GHSA-577H-64QR-V55R
Vulnerability from github – Published: 2025-07-14 12:30 – Updated: 2025-07-15 18:31An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.
{
"affected": [],
"aliases": [
"CVE-2024-51770"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-14T11:15:22Z",
"severity": "HIGH"
},
"details": "An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17.",
"id": "GHSA-577h-64qr-v55r",
"modified": "2025-07-15T18:31:23Z",
"published": "2025-07-14T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51770"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04760en_us"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-57GJ-F9MQ-4C5V
Vulnerability from github – Published: 2024-01-09 03:30 – Updated: 2024-01-22 21:31Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.
{
"affected": [],
"aliases": [
"CVE-2024-22124"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-09T02:15:46Z",
"severity": "MODERATE"
},
"details": "Under certain conditions,\u00a0Internet Communication Manager (ICM) or\u00a0SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could\u00a0allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.\n\n",
"id": "GHSA-57gj-f9mq-4c5v",
"modified": "2024-01-22T21:31:05Z",
"published": "2024-01-09T03:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22124"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3392626"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5938-C5FG-23FQ
Vulnerability from github – Published: 2025-06-06 15:30 – Updated: 2026-04-01 18:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
{
"affected": [],
"aliases": [
"CVE-2025-23969"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T13:15:25Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.",
"id": "GHSA-5938-c5fg-23fq",
"modified": "2026-04-01T18:35:17Z",
"published": "2025-06-06T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23969"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ki-live-video-conferences/vulnerability/wordpress-ki-live-video-conferences-5-5-15-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5CHR-FJJV-38QV
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-05-20 18:18A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langchain-core"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.17"
},
{
"fixed": "0.1.53"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "langchain-core"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.0"
},
{
"fixed": "0.2.43"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "langchain-core"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.0"
},
{
"fixed": "0.3.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-10940"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T16:43:25Z",
"nvd_published_at": "2025-03-20T10:15:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability in langchain-core versions \u003e=0.1.17,\u003c0.1.53, \u003e=0.2.0,\u003c0.2.43, and \u003e=0.3.0,\u003c0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate\u0027s (and by extension langchain_core.prompts.ChatPromptTemplate\u0027s) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.",
"id": "GHSA-5chr-fjjv-38qv",
"modified": "2025-05-20T18:18:37Z",
"published": "2025-03-20T12:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10940"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/commit/7d481f10102f43559cc57bcad7eba291067939ee"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/commit/c1e742347f9701aadba8920e4d1f79a636e50b68"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/commit/e711034713259ae448981bc0fd1d7a5671499c31"
},
{
"type": "PACKAGE",
"url": "https://github.com/langchain-ai/langchain"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/be1ee1cb-2147-4ff4-a57b-b6045271cf27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "langchain-core allows unauthorized users to read arbitrary files from the host file system"
}
GHSA-5F4W-8Q46-XRJ3
Vulnerability from github – Published: 2023-08-17 00:30 – Updated: 2024-01-25 18:30A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information.
This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks.
{
"affected": [],
"aliases": [
"CVE-2023-20111"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-16T22:15:10Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information.\n\n This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks.",
"id": "GHSA-5f4w-8q46-xrj3",
"modified": "2024-01-25T18:30:38Z",
"published": "2023-08-17T00:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20111"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-credentials-tkTO3h3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5F5V-CHG4-G75R
Vulnerability from github – Published: 2023-08-08 03:30 – Updated: 2024-04-04 06:37SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application
{
"affected": [],
"aliases": [
"CVE-2023-37487"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T01:15:18Z",
"severity": "MODERATE"
},
"details": "SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application\n\n",
"id": "GHSA-5f5v-chg4-g75r",
"modified": "2024-04-04T06:37:21Z",
"published": "2023-08-08T03:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37487"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3333616"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.