A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the `/geoserver/rest/about/status` Geoserver REST API endpoint. The Geoserver endpoint is secured by default, but the configuration of Geoserver for GeoNode opens a list of REST endpoints to support some of its public-facing services. The vulnerability impacts both GeoNode 3 and GeoNode 4 instances. Geoserver security configuration is provided by `geoserver-geonode-ext`. A patch for 2.20.7 has been released which blocks access to the affected endpoint. The patch has been backported to branches 2.20.6, 2.19.7, 2.19.6, and 2.18.7. All the published artifacts and Docker images have been updated accordingly. A more advanced patch has been applied to the master and development versions, which require some changes to GeoNode code. They will be available with the next 4.1.0 release. The patched configuration only has an effect on new deployments. For existing setups, the patch must be applied manually inside the Geoserver data directory. The patched file must replace the existing `<geoserver_datadir>/security/rest.properties` file.
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a specific bucket and also gain access to some amount of information such as `Last-Modified (of the latest version)`, `Etag (of the latest version)`, `x-amz-version-id (of the latest version)`, `Expires (metadata value of the latest version)`, `Cache-Control (metadata value of the latest version)`. This conditional check was being honored before validating if the anonymous access is indeed allowed on the metadata of an object. This issue has been addressed in commit `e0fe7cc3917`. Users must upgrade to RELEASE.2024-05-27T19-17-46Z for the fix. There are no known workarounds for this issue.
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11.
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity.
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.
A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.This issue affects Filebird: from n/a through 5.6.3.
A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.
Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.8.
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18.
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4.
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.This issue affects Gutenify: from n/a through 1.4.0.
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25.
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes of a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This vulnerability impacts Dapr users who use Dapr as a gRPC proxy for remote service invocation as well as the Dapr App API token functionality. An attacker could exploit this vulnerability to gain access to the app token of the invoker app, potentially compromising security and authentication mechanisms. This vulnerability was patched in version 1.13.3.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget.This issue affects Contact Form Widget: from n/a through 1.3.9.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12.
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1.
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8.
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse.
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no workaround since a patch is already available. Users are advised to upgrade.