Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1230 — Vulnerability Class 22

22 vulnerabilities classified as CWE-1230. AI Chinese analysis included.

CWE-1230 represents a critical information disclosure weakness where applications restrict direct access to sensitive resources but fail to sanitize associated metadata. Attackers typically exploit this by analyzing file properties, database logs, or API responses to extract hidden details such as author names, creation dates, or internal file paths. This metadata often reveals organizational structure or sensitive context that bypasses primary access controls. To mitigate this risk, developers must implement comprehensive data sanitization protocols that strip or anonymize metadata before exposing any resource externally. This includes configuring web servers to hide server signatures, using libraries that remove EXIF data from images, and ensuring database queries do not return unnecessary diagnostic information. Regular security audits and automated scanning tools should be employed to detect unintended metadata exposure, ensuring that only essential, non-sensitive data is transmitted to end-users.

MITRE CWE Description
The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information. Developers might correctly prevent unauthorized access to a database or other resource containing sensitive information, but they might not consider that portions of the original information might also be recorded in metadata, search indices, statistical reports, or other resources. If these resources are not also restricted, then attackers might be able to extract some or all of the original information, or otherwise infer some details. For example, an attacker could specify search terms that are known to be unique to a particular person, or view metadata such as activity or creation dates in order to identify usage patterns.
Common Consequences (1)
ConfidentialityRead Application Data
CVE IDTitleCVSSSeverityPublished
CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. — BigFix Service Management (SM) 3.5 Low2026-05-06
CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII — recipes 5.3 Medium2026-03-26
CVE-2026-27661 Siemens SINEC Security Monitor 安全漏洞 — SINEC Security Monitor 4.3 Medium2026-03-10
CVE-2025-13084 Opto 22 groov View Exposure of Sensitive Information Through Metadata — groov View Server 7.6 High2025-11-26
CVE-2025-30038 Session ID leakage in Zone.Identifier of downloaded files — CGM CLININET 3.3AILowAI2025-08-27
CVE-2025-8713 PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table — PostgreSQL 3.1 Low2025-08-14
CVE-2025-47324 Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware — Snapdragon 7.5 High2025-08-06
CVE-2023-50458 Dradis Framework 安全漏洞 — Dradis 3.5 Low2025-07-10
CVE-2025-48941 MyBB may disclosure unviewable threads' titles in searches — mybb 5.3 Medium2025-06-02
CVE-2024-9099 Exposure of Private API Keys in lunary-ai/lunary — lunary-ai/lunary 8.8 -2025-03-20
CVE-2024-9447 Exposure of Sensitive Information in transformeroptimus/superagi — transformeroptimus/superagi 6.5 -2025-03-20
CVE-2025-0330 Exposure of Sensitive Information in berriai/litellm — berriai/litellm 7.5 -2025-03-20
CVE-2025-1921 Google Chrome 安全漏洞 — Chrome 4.3 -2025-03-05
CVE-2025-26527 Non-searchable tags can still be discovered on the tag search page and in the tags block — moodle 5.3 Medium2025-02-24
CVE-2024-10324 RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates — RTMKit 4.3 Medium2025-01-24
CVE-2024-47517 Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access — Arista Edge Threat Management 6.8 Medium2025-01-10
CVE-2024-53291 Dell NativeEdge 安全漏洞 — NativeEdge 7.5 High2024-12-25
CVE-2024-49395 Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block 5.3 Medium2024-11-12
CVE-2024-8910 HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id — HT Mega Addons for Elementor – Elementor Widgets & Template Builder 4.3 Medium2024-09-25
CVE-2023-6962 WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description — WP Meta SEO 5.3 Medium2024-05-02
CVE-2023-32488 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 5.3 Medium2023-08-16
CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer — answerdev/answer 6.5 -2023-04-11

Vulnerabilities classified as CWE-1230 represent 22 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.