CWE-201 (Information Exposure Through Sent Data) — Vulnerability Class 285

285 vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data). AI Chinese analysis included.

CWE-201 is an information exposure weakness in which software inadvertently transmits sensitive data to an actor who is not authorized to receive it. It typically arises when developers fail to sanitize output, allowing credentials, personally identifiable information, or internal system state to leak through network traffic, error messages, log output, or API responses. Attackers exploit this by intercepting traffic or analyzing server-side feedback to harvest secrets, which can enable further unauthorized access or identity theft. To mitigate the risk, developers must filter and validate data before it is transmitted: use logging frameworks that mask sensitive fields, encrypt data in transit, and conduct regular code reviews to catch accidental leaks. Sharing only the information that is necessary and non-sensitive with external parties reduces the attack surface and protects user privacy.

MITRE CWE Description
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Common Consequences (1)
Scope: Confidentiality. Impact: Read Files or Directories, Read Memory, Read Application Data. Note: Sensitive data may be exposed to attackers.
Mitigations (4)
Phase: Requirements. Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Phase: Implementation. Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security-sensitive data being sent.
Phase: System Configuration. Set up default error messages so that unexpected errors do not disclose sensitive information.
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Examples (1)
The following is an actual MySQL error statement:
Warning: mysql_pconnect(): Access denied for user: 'root@localhost' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4
Example language: SQL (Result)
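The MySQL warning above leaks an account name, a password and an internal file path in one line. As an added example that is not part of the CWE entry or of any listed product, the following Python applies the "System Configuration" and "Implementation" mitigations: it redacts credentials and layout details before the text reaches a shared log, and sends the client only a generic message with a correlation id. The regexes and the `handle_error` helper are illustrative assumptions, not a library API.

```python
import re
import uuid
from typing import Optional, Tuple

# Added example: scrub a raw error string before it is logged or sent.
# The patterns are assumptions for illustration; extend them to match the
# formats your own stack emits.

# key=value / key: value credentials, e.g. "(Using password: N1nj4)"
_KV_SECRET = re.compile(
    r"(?i)\b(password|passwd|pwd|token|secret|api[_-]?key)(\s*[=:]\s*)([^\s)]+)"
)
# user:secret@host inside connection URLs
_URL_CRED = re.compile(r"(://[^/\s:@]+:)[^@\s]+@")
# quoted 'user@host' identities reveal account names and topology
_USER_HOST = re.compile(r"'[^'@\s]+@[^'\s]+'")
# absolute filesystem paths with two or more components
_ABS_PATH = re.compile(r"(/[\w.\-]+){2,}")


def redact(message: str) -> str:
    """Return a copy of message that is safe to write to a shared log."""
    message = _KV_SECRET.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", message)
    message = _URL_CRED.sub(r"\1[REDACTED]@", message)
    message = _USER_HOST.sub("'[REDACTED]'", message)
    message = _ABS_PATH.sub("[PATH]", message)
    return message


def handle_error(raw: str, incident_id: Optional[str] = None) -> Tuple[str, dict]:
    """Split one failure into the server-side log line and the client body.

    The client body never carries the raw text; the incident id lets support
    correlate the generic response with the redacted internal record.
    """
    incident_id = incident_id or uuid.uuid4().hex
    internal = f"incident {incident_id}: {redact(raw)}"
    public = {"error": "Internal server error", "incident_id": incident_id}
    return internal, public


# Constructed sample: the MySQL warning quoted in the CWE-201 entry
RAW = ("Warning: mysql_pconnect(): Access denied for user: 'root@localhost' "
       "(Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4")

if __name__ == "__main__":
    log_line, body = handle_error(RAW, "inc-0001")
    print(log_line)
    print(body)
```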
CVE ID | Title | Product | CVSS | Severity | Published
--- | --- | --- | --- | --- | ---
CVE-2023-3399 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 8.5 | High | 2023-11-06
CVE-2023-5831 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 3.7 | Low | 2023-11-06
CVE-2023-32275 | SoftEther VPN information disclosure vulnerability | SoftEther VPN | 5.5 | Medium | 2023-10-12
CVE-2023-3413 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 6.5 | Medium | 2023-09-29
CVE-2023-4378 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 5.5 | Medium | 2023-09-01
CVE-2023-4002 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 5.3 | Medium | 2023-08-04
CVE-2023-1401 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 5.0 | Medium | 2023-07-26
CVE-2023-3102 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 5.3 | Medium | 2023-07-21
CVE-2023-34968 | Samba: spotlight server-side share path disclosure | Red Hat Enterprise Linux 8 | 5.3 | Medium | 2023-07-20
CVE-2023-3299 | Nomad Caller ACL Token's Secret ID is Exposed to Sentinel | Nomad Enterprise | 3.4 | Low | 2023-07-19
CVE-2023-2620 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 5.5 | Medium | 2023-07-13
CVE-2023-1825 | Insertion of Sensitive Information Into Sent Data in GitLab | GitLab | 3.1 | Low | 2023-06-07
CVE-2023-1975 | Insertion of Sensitive Information Into Sent Data in answerdev/answer | answerdev/answer | 6.5 | - | 2023-04-11
CVE-2023-28117 | Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` | sentry-python | 7.6 | High | 2023-03-22
CVE-2022-23488 | BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data | bigbluebutton | 6.5 | Medium | 2022-12-17
CVE-2020-8975 | ZGR TPS200 NG Information Exposure | ZGR TPS200 NG | 7.5 | High | 2022-10-17
CVE-2020-27784 | Linux kernel resource management error vulnerability | kernel | 7.1 | - | 2022-09-01
CVE-2022-27779 | curl security vulnerability | https://github.com/curl/curl | 5.3 | - | 2022-06-01
CVE-2022-27671 | SAP Web Dispatcher security vulnerability | SAP BusinessObjects Business Intelligence Platform | 6.5 | - | 2022-04-12
CVE-2022-0018 | GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled | GlobalProtect App | 6.1 | Medium | 2022-02-10
CVE-2021-34771 | Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability | Cisco IOS XR Software | 5.5 | Medium | 2021-09-09
CVE-2021-32653 | Default settings leak federated cloud ID to lookup server of all users | security-advisories | 2.7 | Low | 2021-06-01
CVE-2020-27748 | xdg-utils security vulnerability | xdg-utils | 6.5 | - | 2021-06-01
CVE-2021-23019 | F5 NGINX Controller security vulnerability | Nginx Controller | 7.8 | - | 2021-06-01
CVE-2021-26566 | Synology DiskStation Manager information disclosure vulnerability | Synology DiskStation Manager (DSM) | 8.3 | High | 2021-02-26
CVE-2021-1128 | Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability | Cisco IOS XR Software | 5.5 | Medium | 2021-02-04
CVE-2021-1129 | Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability | Cisco Web Security Appliance (WSA) | 5.3 | Medium | 2021-01-20
CVE-2020-26085 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | Cisco Jabber | 9.9 | Critical | 2021-01-06
CVE-2020-27134 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | Cisco Jabber | 9.9 | Critical | 2020-12-11
CVE-2020-27133 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | Cisco Jabber | 9.9 | Critical | 2020-12-11

Vulnerabilities classified as CWE-201 (Information Exposure Through Sent Data) represent 285 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.