
CWE-213 (Intentional Information Exposure) — Vulnerability Class 28

28 vulnerabilities classified as CWE-213 (Intentional Information Exposure). AI-generated analysis in Chinese is included for each entry.

CWE-213 describes a design flaw in which software exposes data because the developer's security policy differs from the policies of other stakeholders, such as administrators or end users. The weakness typically arises when a system correctly implements its own internal controls but does not recognize that the same data is treated as confidential under an external regulatory or organizational mandate. Exploitation is often indirect: the application leaks private information to parties who are unauthorized under another stakeholder's policy, and the exposure only becomes visible when the behaviour is measured against that policy. To prevent this weakness, developers should integrate the policy requirements of all stakeholders during the design phase, with threat modeling that covers every actor and its expectations for how data is handled, so that internal logic does not violate external compliance standards or user privacy agreements.

MITRE CWE Description
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. When handling information, the developer must consider whether the information is regarded as sensitive by different stakeholders, such as users or administrators. Each stakeholder effectively has its own intended security policy that the product is expected to uphold. When a developer does not treat that information as sensitive, this can introduce a vulnerability that violates the expectations of the product's users.
Common Consequences (1)
Confidentiality: Read Application Data
Examples (1)
Bad example (JSP). This code displays some information on a web page:
Social Security Number: <%= ssn %></br>Credit Card Number: <%= ccn %>
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-52603 | HCL Connections is vulnerable to information disclosure | Connections | 3.5 | Low | 2026-02-20 |
| CVE-2025-54831 | Apache Airflow: Connection sensitive details exposed to users with READ permissions | Apache Airflow | 6.5 | - | 2025-09-26 |
| CVE-2024-49827 | IBM Concert Software information disclosure | Concert Software | 3.7 | Low | 2025-08-18 |
| CVE-2025-4976 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab | GitLab | 4.3 | Medium | 2025-07-24 |
| CVE-2025-32791 | Permission policy information leakage in Backstage permission system | backstage | 4.3 | Medium | 2025-04-16 |
| CVE-2025-24316 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies | Dario Application Database and Internet-based Server Infrastructure | 5.3 | Medium | 2025-02-28 |
| CVE-2024-49354 | IBM Concert information disclosure | Concert Software | 5.3 | Medium | 2025-01-18 |
| CVE-2023-5117 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab | GitLab | 3.7 | Low | 2024-12-25 |
| CVE-2023-3441 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab | GitLab | 6.6 | Medium | 2024-10-01 |
| CVE-2024-44121 | Information Disclosure in SAP S/4 HANA (Statutory Reports) | SAP S/4 HANA (Statutory Reports) | 4.3 | Medium | 2024-09-10 |
| CVE-2024-7267 | Internal infrastructure data leak in EZD RP | EZD RP | 6.5 | Medium | 2024-08-07 |
| CVE-2023-6517 | Seeing the SMS Verification Code in Mia Technology's Mia-Med | MİA-MED | 7.5 | High | 2024-02-08 |
| CVE-2023-40570 | Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users | datasette | 5.3 | Medium | 2023-08-25 |
| CVE-2023-36919 | Information Disclosure in SAP Enable Now | SAP Enable Now | 5.3 | Medium | 2023-07-11 |
| CVE-2023-27465 | Siemens SIMOTION information disclosure vulnerability | SIMOTION C240 | 4.6 | Medium | 2023-06-13 |
| CVE-2022-39848 | SAMSUNG Mobile devices information disclosure vulnerability | Samsung Mobile Devices | 4.0 | Medium | 2022-10-07 |
| CVE-2022-33696 | SAMSUNG Mobile devices Telephony service security vulnerability | Samsung Mobile Devices | 4.0 | Medium | 2022-07-11 |
| CVE-2022-33694 | SAMSUNG Mobile devices CSC application security vulnerability | Samsung Mobile Devices | 4.0 | Medium | 2022-07-11 |
| CVE-2022-33692 | SAMSUNG Mobile devices Messaging security vulnerability | Samsung Mobile Devices | 4.0 | Medium | 2022-07-11 |
| CVE-2022-30728 | Samsung mobile security vulnerability | Samsung Mobile Devices | 1.9 | Low | 2022-06-07 |
| CVE-2022-30714 | Samsung mobile security vulnerability | Samsung Mobile Devices | 1.9 | Low | 2022-06-07 |
| CVE-2022-28794 | Samsung mobile security vulnerability | Samsung Mobile Devices | 2.2 | Low | 2022-06-07 |
| CVE-2022-22541 | SAP BusinessObjects Business Intelligence Platform security vulnerability | SAP BusinessObjects Business Intelligence Platform | 6.5 | - | 2022-04-12 |
| CVE-2020-1652 | Junos Space: OpenNMS is accessible via port 9443 | Junos Space | 5.6 | Medium | 2020-07-17 |
| CVE-2017-3211 | Centire Yopify leaks customer information | Yopify | 5.3 | Medium | 2020-01-15 |
| CVE-2019-1010283 | Univention Corporate Server univention-directory-notifier information disclosure vulnerability | univention-directory-notifier | 7.5 | - | 2019-07-17 |
| CVE-2019-10247 | Eclipse Jetty information disclosure vulnerability | Eclipse Jetty | 5.3 | - | 2019-04-22 |
| CVE-2019-10246 | Eclipse Jetty information disclosure vulnerability | Eclipse Jetty | 5.3 | - | 2019-04-22 |

The 28 CVEs above are classified as CWE-213 (Intentional Information Exposure). The CWE taxonomy describes the weakness class only; review the individual CVEs for product-specific impact.