CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-9JHW-7R2C-H2MF
Vulnerability from github – Published: 2025-12-17 21:30 – Updated: 2025-12-19 21:30AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.
{
"affected": [],
"aliases": [
"CVE-2025-34442"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-17T20:15:54Z",
"severity": "MODERATE"
},
"details": "AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.",
"id": "GHSA-9jhw-7r2c-h2mf",
"modified": "2025-12-19T21:30:18Z",
"published": "2025-12-17T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34442"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/commit/4a53ab2056"
},
{
"type": "WEB",
"url": "https://github.com/WWBN/AVideo/commit/dbe3e91c54"
},
{
"type": "WEB",
"url": "https://chocapikk.com/posts/2025/avideo-security-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9JWR-P39P-HWG2
Vulnerability from github – Published: 2026-01-20 21:31 – Updated: 2026-06-30 03:35A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact.
{
"affected": [],
"aliases": [
"CVE-2025-55131"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T21:16:03Z",
"severity": "HIGH"
},
"details": "A flaw in Node.js\u0027s buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code execution, it can become remotely exploitable when untrusted input influences workload and timeouts, leading to potential confidentiality and integrity impact.",
"id": "GHSA-9jwr-p39p-hwg2",
"modified": "2026-06-30T03:35:27Z",
"published": "2026-01-20T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-55131.json"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7386"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6431"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6402"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2899"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2864"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2783"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2782"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2781"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2768"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2767"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2422"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2421"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2420"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:1843"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:1842"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9Q9Q-J3GJ-3P8X
Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-08-27 18:31Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.
{
"affected": [],
"aliases": [
"CVE-2025-6390"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T21:15:29Z",
"severity": "MODERATE"
},
"details": "Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM\u2019s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.",
"id": "GHSA-9q9q-j3gj-3p8x",
"modified": "2025-08-27T18:31:50Z",
"published": "2025-07-10T21:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6390"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35909"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9QJJ-CV26-VXFW
Vulnerability from github – Published: 2025-10-12 06:30 – Updated: 2025-10-12 06:30HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.
{
"affected": [],
"aliases": [
"CVE-2025-52616"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-12T05:15:38Z",
"severity": "MODERATE"
},
"details": "HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.",
"id": "GHSA-9qjj-cv26-vxfw",
"modified": "2025-10-12T06:30:13Z",
"published": "2025-10-12T06:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52616"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9QP2-6XQR-CQWJ
Vulnerability from github – Published: 2025-11-21 15:31 – Updated: 2026-01-20 15:31Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
{
"affected": [],
"aliases": [
"CVE-2025-66059"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-21T13:15:46Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through \u003c= 3.13.0.",
"id": "GHSA-9qp2-6xqr-cqwj",
"modified": "2026-01-20T15:31:56Z",
"published": "2025-11-21T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66059"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/seriously-simple-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugin-3-13-0-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/seriously-simple-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugin-3-13-0-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9R24-MXPP-867Q
Vulnerability from github – Published: 2025-03-19 18:30 – Updated: 2025-03-19 18:30Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c
{
"affected": [],
"aliases": [
"CVE-2025-23382"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-19T16:15:30Z",
"severity": "MODERATE"
},
"details": "Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c",
"id": "GHSA-9r24-mxpp-867q",
"modified": "2025-03-19T18:30:51Z",
"published": "2025-03-19T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23382"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-uk/000291028/dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9W9C-6CC9-MC59
Vulnerability from github – Published: 2026-01-02 18:30 – Updated: 2026-02-27 00:31Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-34171"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-02T17:15:45Z",
"severity": "MODERATE"
},
"details": "Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.",
"id": "GHSA-9w9c-6cc9-mc59",
"modified": "2026-02-27T00:31:42Z",
"published": "2026-01-02T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34171"
},
{
"type": "WEB",
"url": "https://casaos.zimaspace.com"
},
{
"type": "WEB",
"url": "https://github.com/IceWhaleTech/CasaOS"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/casaos-unauthenticated-file-and-debug-data-exposure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C2P8-XM7C-WC48
Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
{
"affected": [],
"aliases": [
"CVE-2022-1902"
],
"database_specific": {
"cwe_ids": [
"CWE-497",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-01T21:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.",
"id": "GHSA-c2p8-xm7c-wc48",
"modified": "2022-09-08T00:00:29Z",
"published": "2022-09-02T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1902"
},
{
"type": "WEB",
"url": "https://github.com/stackrox/stackrox/pull/1803"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:5132"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:5188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:5189"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-1902"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090957"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2PM-FFW5-VJRR
Vulnerability from github – Published: 2026-01-08 12:30 – Updated: 2026-01-08 12:30Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery allows Retrieve Embedded Sensitive Data.This issue affects NextGEN Download Gallery: from n/a through <= 1.6.2.
{
"affected": [],
"aliases": [
"CVE-2026-0675"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-08T10:15:55Z",
"severity": null
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery allows Retrieve Embedded Sensitive Data.This issue affects NextGEN Download Gallery: from n/a through \u003c= 1.6.2.",
"id": "GHSA-c2pm-ffw5-vjrr",
"modified": "2026-01-08T12:30:31Z",
"published": "2026-01-08T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0675"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/nextgen-download-gallery/vulnerability/wordpress-nextgen-download-gallery-plugin-1-6-2-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C45M-JF2P-JM7X
Vulnerability from github – Published: 2025-06-06 15:30 – Updated: 2026-04-01 18:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
{
"affected": [],
"aliases": [
"CVE-2025-49419"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T13:15:52Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.",
"id": "GHSA-c45m-jf2p-jm7x",
"modified": "2026-04-01T18:35:24Z",
"published": "2025-06-06T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49419"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/esign-genie-for-wp/vulnerability/wordpress-foxit-esign-for-wordpress-2-0-3-other-vulnerability-type-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.