
CWE-201 (Information Exposure Through Sent Data): Vulnerability Class

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data; MITRE's current name for the entry is Insertion of Sensitive Information Into Sent Data). AI-generated Chinese analysis included.

CWE-201 covers code that sends data to another actor (a client, a peer service, a file export, a forwarded log) where part of that data is sensitive information the recipient is not entitled to see. It typically arises when output is built from internal objects without an explicit decision about what each recipient may receive: credentials, personally identifiable information, session or OAuth tokens, and internal state end up in API responses, error messages, exported files or audit records. Exploitation rarely needs traffic interception; the attacker is the intended recipient of the message, so the leak is found by reading responses, error output and exports. For the same reason, encryption in transit does not address this weakness: TLS keeps third parties out, but the over-sharing endpoint is the authorized one. Mitigation means deciding, per recipient, which fields may be sent and filtering output to that allowlist before transmission; returning generic error messages to callers while keeping detail in internal logs; masking secrets in any log that may be forwarded; and reviewing serializers, exports and debug paths for fields that were included by default. Sending only the data a function actually needs reduces both the attack surface and the privacy impact of a mistake elsewhere.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Common Consequences (1)
Scope: Confidentiality
Impact: Read Files or Directories, Read Memory, Read Application Data
Note: Sensitive data may be exposed to attackers.

Mitigations (4)
Phase: Requirements
Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.

Phase: Implementation
Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.

Phase: System Configuration
Set up default error messages so that unexpected errors do not disclose sensitive information.

Phase: Architecture and Design
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
(Result · SQL)
The warning is emitted by PHP's mysql_pconnect() and, when warnings are displayed to the requester, sends the database user, its password (N1nj4) and an internal file path to whoever loaded the page.
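The following is an added example, not MITRE's code and not code from any project listed on this page. It shows the two controls the mitigations above describe, in Python for illustration: per-recipient allowlist projection of a record before it is sent (the Requirements and Implementation mitigations), and a generic error response whose detail goes only to an internal log with credential values masked (the System Configuration mitigation), using the MySQL warning from the example as the sample error. The roles, field names, sample record and secret patterns are assumptions made for the example.

```python
# Added example for this page (not MITRE's code and not from any listed
# project): filtering outbound data at a trust boundary so only the fields
# an actor is entitled to see are sent, and reporting unexpected errors to
# the actor without their internals. Roles, field names, the sample record
# and the secret patterns are constructed for illustration.
import logging
import re
import uuid
from typing import Any

LOG = logging.getLogger("outbound")

# Requirements phase: which actor roles may receive which fields.
# A field not listed for a role is never sent, whatever the record holds.
FIELD_ALLOWLIST: dict[str, frozenset[str]] = {
    "self": frozenset({"id", "email", "display_name", "created_at"}),
    "secondary": frozenset({"id", "display_name"}),  # e.g. a shared-device user
    "public": frozenset({"id", "display_name"}),
}

# Last-line check on any text that leaves the system (error strings, log
# lines forwarded to clients): mask the value after a credential marker.
# The first pattern matches the MySQL warning shown on the page.
_SECRET_PATTERNS = [
    re.compile(r"(?i)(using password:\s*)([^\s)]+)"),
    re.compile(r"(?i)(authorization:\s*bearer\s+)([^\s)]+)"),
    re.compile(r"(?i)((?:password|passwd|secret|token)\s*[=:]\s*)([^\s)]+)"),
]


def redact(text: str) -> str:
    """Replace secret values with [REDACTED], keeping the surrounding context."""
    for pattern in _SECRET_PATTERNS:
        text = pattern.sub(lambda m: m.group(1) + "[REDACTED]", text)
    return text


def project_for_actor(record: dict[str, Any], actor_role: str) -> dict[str, Any]:
    """Positive filtering: copy only the fields allowlisted for this actor.

    An unknown role gets the most restrictive view, never the whole record,
    so a field later added to the record (a token, a hash) is not sent by
    default to anyone who was not explicitly granted it."""
    allowed = FIELD_ALLOWLIST.get(actor_role, FIELD_ALLOWLIST["public"])
    return {key: value for key, value in record.items() if key in allowed}


def error_response(exc: BaseException) -> dict[str, str]:
    """The actor receives a generic message plus a reference id; the detail
    stays in the internal log, with credential values masked even there in
    case the log is ever forwarded or exported."""
    ref = uuid.uuid4().hex[:12]
    LOG.error("ref=%s %s", ref, redact(str(exc)))
    return {"error": "internal error", "ref": ref}


# Constructed sample data (not from any real system).
SAMPLE_USER = {
    "id": 42,
    "email": "ada@example.org",
    "display_name": "Ada",
    "created_at": "2024-01-01T00:00:00Z",
    "password_hash": "$2b$12$constructedhashvalue",
    "api_token": "tok_constructed_secret",
}
SAMPLE_ERROR = (
    "Warning: mysql_pconnect(): Access denied for user: 'root@localhost' "
    "(Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"
)


if __name__ == "__main__":
    print(project_for_actor(SAMPLE_USER, "self"))
    print(project_for_actor(SAMPLE_USER, "secondary"))
    print(redact(SAMPLE_ERROR))
    print(error_response(RuntimeError(SAMPLE_ERROR)))
```

The allowlist is deliberately positive rather than a denylist of "password_hash" and "api_token": the CVEs in the table below are mostly cases where a serializer or export emitted every field it had, and a denylist silently fails the first time a new sensitive field is added. The redaction step is a safety net for text that was never meant to carry a secret, such as a driver error; it is not a substitute for the allowlist.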
CVE ID | Title | Product | CVSS | Severity | Published
------ | ----- | ------- | ---- | -------- | ---------
CVE-2024-6586 | Lightdash security vulnerability | Lightdash | 7.2 | - | 2024-08-30
CVE-2024-43230 | WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability | Shared Files | 5.3 | Medium | 2024-08-26
CVE-2024-43259 | WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability | Order Export for WooCommerce | 5.3 | Medium | 2024-08-26
CVE-2024-43264 | WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability | Create by Mediavine | 5.3 | Medium | 2024-08-26
CVE-2024-43283 | WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability | Contest Gallery | 5.3 | Medium | 2024-08-26
CVE-2024-38787 | WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability | Import and export users and customers | 7.5 | High | 2024-08-13
CVE-2024-31200 | Plug and Track Sensor Net Connect security vulnerability | Sensor Net Connect V2 | 4.2 | Medium | 2024-07-31
CVE-2024-7205 | Sharing unnecessary device-sensitive information allows a Secondary user to take over devices as primary user | eWeLink Cloud Service | 8.8 (AI) | High (AI) | 2024-07-31
CVE-2024-38372 | Undici vulnerable to data leak when using response.arrayBuffer() | undici | 2.0 | Low | 2024-07-08
CVE-2024-39315 | Pomerium exposed OAuth2 access and ID tokens in user info endpoint response | pomerium | 5.7 | Medium | 2024-07-02
CVE-2024-5213 | Exposure of Sensitive Information in mintplex-labs/anything-llm | mintplex-labs/anything-llm | 7.5 (AI) | High (AI) | 2024-06-20
CVE-2024-35189 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides | fides | 6.5 | Medium | 2024-05-30
CVE-2024-34812 | WordPress ShopBuilder plugin <= 2.1.8 - Sensitive Data Exposure vulnerability | ShopBuilder – Elementor WooCommerce Builder Addons | 5.3 | Medium | 2024-05-13
CVE-2024-34556 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.4 - Sensitive Data Exposure via Exported File vulnerability | Barcode Scanner with Inventory & Order Manager | 5.3 | Medium | 2024-05-09
CVE-2024-4536 | Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability | EDC | 6.8 | Medium | 2024-05-07
CVE-2024-32782 | WordPress HT Mega plugin <= 2.4.7 - Sensitive Data Exposure vulnerability | HT Mega | 4.3 | Medium | 2024-04-24
CVE-2024-32796 | WordPress WP Fusion Lite plugin <= 3.42.10 - Sensitive Data Exposure vulnerability | WP Fusion Lite | 4.3 | Medium | 2024-04-24
CVE-2024-32825 | WordPress Simply Static plugin <= 3.1.3 - Sensitive Data Exposure via Log File vulnerability | Simply Static | 7.5 | High | 2024-04-24
CVE-2023-6916 | Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1 | Guardian | 7.2 | High | 2024-04-10
CVE-2024-31278 | WordPress Premium Addons for Elementor plugin <= 4.10.22 - Sensitive Data Exposure vulnerability | Premium Addons for Elementor | 4.3 | Medium | 2024-04-10
CVE-2024-28173 | JetBrains TeamCity security vulnerability | TeamCity | 4.3 | Medium | 2024-03-06
CVE-2024-1435 | WordPress Tainacan plugin <= 0.20.6 - Sensitive Data Exposure via Log File vulnerability | Tainacan | 5.3 | Medium | 2024-02-29
CVE-2024-26270 | Liferay Portal and Liferay DXP security vulnerability | Portal | 6.5 | Medium | 2024-02-20
CVE-2024-25150 | Liferay Portal and Liferay DXP security vulnerability | Portal | 4.3 | Medium | 2024-02-20
CVE-2024-25148 | Liferay Portal and Liferay DXP security vulnerability | Portal | 5.4 | Medium | 2024-02-08
CVE-2024-23506 | WordPress InstaWP Connect plugin <= 0.1.0.9 - Sensitive Data Exposure vulnerability | InstaWP Connect | 7.7 | High | 2024-01-26
CVE-2023-49261 | Sensitive authentication-related value accessible publicly | H8951-4G-ESP | 7.5 | - | 2024-01-12
CVE-2023-49594 | DuoUniversalKeycloakAuthenticator security vulnerability | DuoUniversalKeycloakAuthenticator | 4.5 | Medium | 2023-12-23
CVE-2023-3949 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 5.3 | Medium | 2023-12-01
CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | xwiki-platform | 9.1 | Critical | 2023-11-20

"(AI)" marks a CVSS score or severity that the page tags as assigned by its own AI analysis rather than taken from the published advisory; "-" means no severity was given.

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) represent 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.