Common Weakness Enumeration

CWE-497

Allowed

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Abstraction: Base · Status: Incomplete

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

669 vulnerabilities reference this CWE, most recent first.

GHSA-W8HJ-X5G8-W28F

Vulnerability from github – Published: 2025-10-06 09:30 – Updated: 2025-10-06 09:30
VLAI
Details

Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58579"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-06T07:15:34Z",
    "severity": "MODERATE"
  },
  "details": "Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.",
  "id": "GHSA-w8hj-x5g8-w28f",
  "modified": "2025-10-06T09:30:19Z",
  "published": "2025-10-06T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58579"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W962-XQHV-V77R

Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-14 15:30
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-39516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T09:16:25Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through \u003c= 4.7.0.",
  "id": "GHSA-w962-xqhv-v77r",
  "modified": "2026-04-14T15:30:28Z",
  "published": "2026-04-08T09:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39516"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/the-plus-addons-for-block-editor/vulnerability/wordpress-nexter-blocks-plugin-4-7-0-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W9Q3-G4P5-5Q2R

Vulnerability from github – Published: 2025-05-13 20:05 – Updated: 2025-05-13 20:05
VLAI
Summary
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Details

Summary

Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo.

PoC

The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2.

A user (bob) has been added with only ps command executable through sudo:

root    ALL=(ALL:ALL) ALL
bob     ALL=(ALL:ALL) /usr/bin/ps

The user is not able to read the /etc/sudoers file and running sudo -l -Uroot with original sudo (version 1.9.15p5) causes the following error:

Sorry, user bob is not allowed to execute 'list' as root on 43d4aed3cdbd.

The same command with sudo-rs is run without denying the execution:

User root may run the following commands on 43d4aed3cdbd:
    (ALL : ALL) ALL

The same happens for other non-root users:

bob@43d4aed3cdbd:~$ sudo -l -Ufoo
User foo may run the following commands on 43d4aed3cdbd:
    (ALL : ALL) /usr/bin/whoami

The behavior has been also been observed for version 0.2.5.

Impact

Users with limited sudo privileges can enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks.

Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory.

Credits

This issue was identified by Sonia Zorba.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "sudo-rs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-46718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-13T20:05:55Z",
    "nvd_published_at": "2025-05-12T15:16:01Z",
    "severity": "LOW"
  },
  "details": "### Summary\nUsers with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This doesn\u0027t happen with the original sudo.\n\n### PoC\n\nThe initial test has been done in a container running Ubuntu 24.04 and installing [oxidizr](https://github.com/jnsgruk/oxidizr), running sudo-rs 0.2.2.\n\nA user (bob) has been added with only ps command executable through sudo:\n\n```\nroot    ALL=(ALL:ALL) ALL\nbob     ALL=(ALL:ALL) /usr/bin/ps\n```\n\nThe user is not able to read the `/etc/sudoers` file and running `sudo -l -Uroot` with original sudo (version 1.9.15p5) causes the following error:\n\n```\nSorry, user bob is not allowed to execute \u0027list\u0027 as root on 43d4aed3cdbd.\n```\n\nThe same command with sudo-rs is run without denying the execution:\n\n```\nUser root may run the following commands on 43d4aed3cdbd:\n    (ALL : ALL) ALL\n```\n\nThe same happens for other non-root users:\n\n```\nbob@43d4aed3cdbd:~$ sudo -l -Ufoo\nUser foo may run the following commands on 43d4aed3cdbd:\n    (ALL : ALL) /usr/bin/whoami\n```\n\nThe behavior has been also been observed for version 0.2.5.\n\n### Impact\nUsers with limited sudo privileges can enumerate the sudoers file, revealing sensitive information about other users\u0027 permissions. Attackers can collect information that can be used to more targeted attacks.\n\nSystems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory.\n\n### Credits\nThis issue was identified by [Sonia Zorba](https://www.zonia3000.net/).",
  "id": "GHSA-w9q3-g4p5-5q2r",
  "modified": "2025-05-13T20:05:55Z",
  "published": "2025-05-13T20:05:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46718"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/trifectatechfoundation/sudo-rs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others"
}

GHSA-WCHM-6X5M-J87P

Vulnerability from github – Published: 2025-09-16 00:30 – Updated: 2025-09-16 15:32
VLAI
Details

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26 and iPadOS 26. Keyboard suggestions may display sensitive information on the lock screen.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-24133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T23:15:29Z",
    "severity": "MODERATE"
  },
  "details": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26 and iPadOS 26. Keyboard suggestions may display sensitive information on the lock screen.",
  "id": "GHSA-wchm-6x5m-j87p",
  "modified": "2025-09-16T15:32:30Z",
  "published": "2025-09-16T00:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24133"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125108"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WFPP-6H7F-CMMC

Vulnerability from github – Published: 2026-02-03 00:30 – Updated: 2026-02-03 00:30
VLAI
Details

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T23:15:59Z",
    "severity": "MODERATE"
  },
  "details": "IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures.",
  "id": "GHSA-wfpp-6h7f-cmmc",
  "modified": "2026-02-03T00:30:18Z",
  "published": "2026-02-03T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36238"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7257556"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGPV-C3R2-3V2F

Vulnerability from github – Published: 2025-06-20 15:30 – Updated: 2026-04-01 15:30
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-20T15:15:32Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid  allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.",
  "id": "GHSA-wgpv-c3r2-3v2f",
  "modified": "2026-04-01T15:30:45Z",
  "published": "2025-06-20T15:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52719"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-5-2-full-path-disclosure-fpd-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WGX8-MFG5-P253

Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-29 12:33
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-39686"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T09:16:40Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through \u003c= 3.7.2.",
  "id": "GHSA-wgx8-mfg5-p253",
  "modified": "2026-04-29T12:33:03Z",
  "published": "2026-04-08T09:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39686"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/bsk-pdf-manager/vulnerability/wordpress-bsk-pdf-manager-plugin-3-7-2-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WPJR-JGR7-59XW

Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-11-06 18:32
VLAI
Details

Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13995"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-30T22:15:44Z",
    "severity": "HIGH"
  },
  "details": "Nagios XI versions prior to\u00a02024R1.1.2 may (confirmed in\u00a02024R1.1 and 2024R1.1.1) disclose\u00a0sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts.",
  "id": "GHSA-wpjr-jgr7-59xw",
  "modified": "2025-11-06T18:32:47Z",
  "published": "2025-10-31T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13995"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/changelog/nagios-xi"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/products/security/#nagios-xi"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/nagios-xi-api-keys-and-hashed-password-authenticated-information-disclosure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WQH9-5Q54-MHG8

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2026-04-01 18:34
VLAI
Details

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T13:15:51Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.",
  "id": "GHSA-wqh9-5q54-mhg8",
  "modified": "2026-04-01T18:34:45Z",
  "published": "2025-04-16T15:34:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39589"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-6-1-9-sensitive-data-exposure-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVFR-WWFX-7QXQ

Vulnerability from github – Published: 2024-11-20 09:32 – Updated: 2024-11-20 09:32
VLAI
Details

Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52033"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-20T08:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi.",
  "id": "GHSA-wvfr-wwfx-7qxq",
  "modified": "2024-11-20T09:32:54Z",
  "published": "2024-11-20T09:32:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52033"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU90667116"
    },
    {
      "type": "WEB",
      "url": "https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs

CAPEC-170: Web Application Fingerprinting

An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.

CAPEC-694: System Location Discovery

An adversary collects information about the target system in an attempt to identify the system's geographical location.

Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.