CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-GQ8G-2H99-85RV
Vulnerability from github – Published: 2024-09-12 18:31 – Updated: 2024-09-12 18:31An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.
{
"affected": [],
"aliases": [
"CVE-2024-6389"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-12T17:15:05Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.",
"id": "GHSA-gq8g-2h99-85rv",
"modified": "2024-09-12T18:31:42Z",
"published": "2024-09-12T18:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6389"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2573397"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469367"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GWQ3-R365-H2G8
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1.
{
"affected": [],
"aliases": [
"CVE-2025-67564"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:18:32Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through \u003c= 1.51.1.",
"id": "GHSA-gwq3-r365-h2g8",
"modified": "2026-01-20T15:32:11Z",
"published": "2025-12-09T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67564"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-google-adwords-conversion-tracking-tag/vulnerability/wordpress-pixel-manager-for-woocommerce-plugin-1-51-1-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/woocommerce-google-adwords-conversion-tracking-tag/vulnerability/wordpress-pixel-manager-for-woocommerce-plugin-1-51-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GXCF-FVMV-78F7
Vulnerability from github – Published: 2025-08-03 00:30 – Updated: 2025-08-03 00:30NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-23287"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-02T22:15:45Z",
"severity": "LOW"
},
"details": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.",
"id": "GHSA-gxcf-fvmv-78f7",
"modified": "2025-08-03T00:30:24Z",
"published": "2025-08-03T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23287"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H354-4WQM-8GR9
Vulnerability from github – Published: 2024-12-10 03:31 – Updated: 2024-12-10 03:31Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application.
{
"affected": [],
"aliases": [
"CVE-2024-32732"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T01:15:05Z",
"severity": "MODERATE"
},
"details": "Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application.",
"id": "GHSA-h354-4wqm-8gr9",
"modified": "2024-12-10T03:31:45Z",
"published": "2024-12-10T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32732"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3524933"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H3FW-28MG-F834
Vulnerability from github – Published: 2025-05-16 18:31 – Updated: 2026-04-01 18:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.
{
"affected": [],
"aliases": [
"CVE-2025-31062"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T16:15:36Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.",
"id": "GHSA-h3fw-28mg-f834",
"modified": "2026-04-01T18:35:05Z",
"published": "2025-05-16T18:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31062"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-2-1-0-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H4HJ-73F4-PXMR
Vulnerability from github – Published: 2025-08-14 21:31 – Updated: 2026-04-01 18:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8.
{
"affected": [],
"aliases": [
"CVE-2025-54736"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T19:15:41Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8.",
"id": "GHSA-h4hj-73f4-pxmr",
"modified": "2026-04-01T18:35:52Z",
"published": "2025-08-14T21:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54736"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/savoy/vulnerability/wordpress-savoy-theme-plugin-3-0-8-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H56G-6GP6-858V
Vulnerability from github – Published: 2025-12-31 18:30 – Updated: 2026-04-28 21:35Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0.
{
"affected": [],
"aliases": [
"CVE-2025-49340"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-31T17:15:44Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0.",
"id": "GHSA-h56g-6gp6-858v",
"modified": "2026-04-28T21:35:52Z",
"published": "2025-12-31T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49340"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/direct-payments-wp/vulnerability/wordpress-direct-payments-wp-plugin-1-3-0-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/wordpress/plugin/direct-payments-wp/vulnerability/wordpress-direct-payments-wp-plugin-1-3-0-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H75V-682V-7R88
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-05-20 18:30The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
{
"affected": [],
"aliases": [
"CVE-2025-4364"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T18:15:47Z",
"severity": "HIGH"
},
"details": "The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.",
"id": "GHSA-h75v-682v-7r88",
"modified": "2025-05-20T18:30:58Z",
"published": "2025-05-20T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4364"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H8FG-CPVM-R33F
Vulnerability from github – Published: 2026-06-09 03:31 – Updated: 2026-06-09 03:31Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.
{
"affected": [],
"aliases": [
"CVE-2026-44743"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T01:16:46Z",
"severity": "LOW"
},
"details": "Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application.",
"id": "GHSA-h8fg-cpvm-r33f",
"modified": "2026-06-09T03:31:40Z",
"published": "2026-06-09T03:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44743"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3706000"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H9W6-F932-GQ62
Vulnerability from github – Published: 2025-04-18 15:10 – Updated: 2025-04-18 18:34Impact
Web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used const, let, and class bindings in the top-level scope of a <script> tag will have inadvertently revealed these bindings in the lexical scope of third-party code.
Patches
This compromise is addressed in ses version 1.12.0. The mechanism for confining third-party code involves a with block and a semi-opaque scope Proxy. The proxy previously revealed any named property to the surrounding lexical scope if it were absent on globalThis, so that the third-party code would receive an informative ReferenceError, relying on the invalid assumption that only properties of globalThis are in the top-level lexical scope. The solution makes the scope proxy fully opaque. Consequently, accessing an unbound free lexical name will produce undefined instead of throwing ReferenceError.
Assigning to an unbound free lexical name will continue to throw a ReferenceError.
Workarounds
This problem can be mitigated either by avoiding top-level let, const, or class bindings in <script> tags, which is an existing industry best-practice, or change these to var bindings to be reflected on globalThis, or upgrade ses to version 1.12.0 or greater.
Some bundlers by default transform top-level let, const, and class bindings to var.
Disclosure
This vulnerability was disclosed by @mingijunggrape in the course of their studies at UNIST (Ulsan National Institute of Science and Technology) as a member of the Web Security Lab (https://websec-lab.github.io/).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ses"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-32792"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-18T15:10:05Z",
"nvd_published_at": "2025-04-18T16:15:23Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWeb pages and web extensions using `ses` and the `Compartment` API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `\u003cscript\u003e` tag will have inadvertently revealed these bindings in the lexical scope of third-party code.\n\n### Patches\n\nThis compromise is addressed in `ses` version `1.12.0`. The mechanism for confining third-party code involves a `with` block and a semi-opaque scope `Proxy`. The proxy previously revealed any named property to the surrounding lexical scope if it were absent on `globalThis`, so that the third-party code would receive an informative `ReferenceError`, relying on the invalid assumption that only properties of `globalThis` are in the top-level lexical scope. The solution makes the scope proxy fully opaque. Consequently, accessing an unbound free lexical name will produce `undefined` instead of throwing `ReferenceError`.\nAssigning to an unbound free lexical name will continue to throw a `ReferenceError`.\n\n### Workarounds\n\nThis problem can be mitigated either by avoiding top-level `let`, `const`, or `class` bindings in `\u003cscript\u003e` tags, which is an existing industry best-practice, or change these to `var` bindings to be reflected on `globalThis`, or upgrade `ses` to version `1.12.0` or greater.\n\nSome bundlers by default transform top-level `let`, `const`, and `class` bindings to `var`.\n\n### Disclosure\n\nThis vulnerability was disclosed by @mingijunggrape in the course of their studies at UNIST (Ulsan National Institute of Science and Technology) as a member of the Web Security Lab (https://websec-lab.github.io/).",
"id": "GHSA-h9w6-f932-gq62",
"modified": "2025-04-18T18:34:51Z",
"published": "2025-04-18T15:10:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/endojs/endo/security/advisories/GHSA-h9w6-f932-gq62"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32792"
},
{
"type": "PACKAGE",
"url": "https://github.com/endojs/endo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "ses\u0027s global contour bindings leak into Compartment lexical scope"
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.