CWE-497
AllowedExposure of Sensitive System Information to an Unauthorized Control Sphere
Abstraction: Base · Status: Incomplete
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
669 vulnerabilities reference this CWE, most recent first.
GHSA-V2H6-HWP6-67QV
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-01-20 15:32Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.
{
"affected": [],
"aliases": [
"CVE-2025-67565"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T16:18:33Z",
"severity": "MODERATE"
},
"details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through \u003c= 19.9.9.1.",
"id": "GHSA-v2h6-hwp6-67qv",
"modified": "2026-01-20T15:32:11Z",
"published": "2025-12-09T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67565"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/rehub-theme/vulnerability/wordpress-rehub-theme-19-9-9-1-sensitive-data-exposure-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Theme/rehub-theme/vulnerability/wordpress-rehub-theme-19-9-9-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V579-4342-CJRP
Vulnerability from github – Published: 2025-05-28 09:31 – Updated: 2025-05-28 09:31A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)
{
"affected": [],
"aliases": [
"CVE-2025-24473"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-28T08:15:21Z",
"severity": "LOW"
},
"details": "A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)",
"id": "GHSA-v579-4342-cjrp",
"modified": "2025-05-28T09:31:26Z",
"published": "2025-05-28T09:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24473"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-548"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V63M-X9R9-8GQP
Vulnerability from github – Published: 2025-03-21 17:43 – Updated: 2025-10-14 21:58Summary
The AWS Cloud Development Kit (AWS CDK) [1] is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI [2] is a command line tool for interacting with CDK applications. Customers can use the CDK CLI to create, manage, and deploy their AWS CDK projects.
An issue exists in the AWS CDK CLI where, under certain conditions, AWS credentials may be returned in the console output. Plugins that return an expirationproperty in the credentials object are affected by this issue. Plugins that omit the expiration property are not affected.
Impact
When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, the AWS credentials retrieved by the plugin may be returned in the console output. Any user with access where the CDK CLI was ran would have access to this output.
The following are examples of configuring a custom credential plugin:
Via command line option:
cdk deploy --plugin /path/to/plugin
Via configuration file [3]:
{
"plugin": "/path/to/plugin"
}
Plugins that return an expiration property in the credentials object, such as the following example, are affected:
return {
accessKeyId: '<access-key>',
secretAccessKey: '<secret-access-key>',
sessionToken: '<session-token>',
expiration: <date>,
};
The expiration property indicates that the provided credentials are temporary.
Please refer to our "AWS CDK CLI Library" guide for more information about custom credential plugins [4].
Impacted versions: >=2.172.0 and <2.178.2
Patches
The issue has been addressed in version 2.178.2 [5]. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
If you are unable to upgrade to version 2.178.2 or later, you can downgrade to version 2.171.1. If you are unable to downgrade, but have access to the code of the credential plugin you use, you can remove the expiration property from the object returned by the plugin.
For example, change the code from returning this:
return {
accessKeyId: assumeRoleOutput.Credentials.AccessKeyId,
secretAccessKey: assumeRoleOutput.Credentials.SecretAccessKey,
sessionToken: assumeRoleOutput.Credentials.SessionToken,
// Expiration indicates to the CLI that this is temporary
expiration: assumeRoleOutput.Credentials.Expiration,
};
To return this:
return {
accessKeyId: assumeRoleOutput.Credentials.AccessKeyId,
secretAccessKey: assumeRoleOutput.Credentials.SecretAccessKey,
sessionToken: assumeRoleOutput.Credentials.SessionToken,
};
Note that this will prevent the CDK CLI from refreshing the credentials when needed, and may cause your workflow to fail on an expired credentials error.
References
[1] https://docs.aws.amazon.com/cdk/v2/guide/home.html
[2] https://docs.aws.amazon.com/cdk/v2/guide/cli.html
[3] https://docs.aws.amazon.com/cdk/v2/guide/cli.html#cli-config
[4] https://www.npmjs.com/package/@aws-cdk/cli-plugin-contract
[5] https://github.com/aws/aws-cdk/releases/tag/v2.178.2
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "aws-cdk"
},
"ranges": [
{
"events": [
{
"introduced": "2.172.0"
},
{
"fixed": "2.178.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "cdk"
},
"ranges": [
{
"events": [
{
"introduced": "2.172.0"
},
{
"fixed": "2.178.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-2598"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T17:43:09Z",
"nvd_published_at": "2025-03-21T15:15:43Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nThe AWS Cloud Development Kit (AWS CDK) [1] is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI [2] is a command line tool for interacting with CDK applications. Customers can use the CDK CLI to create, manage, and deploy their AWS CDK projects. \n\nAn issue exists in the AWS CDK CLI where, under certain conditions, AWS credentials may be returned in the console output. Plugins that return an `expiration `property in the credentials object are affected by this issue. Plugins that omit the `expiration` property are not affected. \n\n## Impact\n\nWhen customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an `expiration` property, the AWS credentials retrieved by the plugin may be returned in the console output. Any user with access where the CDK CLI was ran would have access to this output. \n\nThe following are examples of configuring a custom credential plugin: \n\n_Via command line option:_\n\n`cdk deploy --plugin /path/to/plugin`\n\n_Via configuration file [3]:_\n\n```json\n{\n \"plugin\": \"/path/to/plugin\"\n}\n```\n\nPlugins that return an `expiration` property in the credentials object, such as the following example, are affected:\n\n```console\nreturn {\n accessKeyId: \u0027\u003caccess-key\u003e\u0027,\n secretAccessKey: \u0027\u003csecret-access-key\u003e\u0027,\n sessionToken: \u0027\u003csession-token\u003e\u0027,\n expiration: \u003cdate\u003e,\n};\n```\n\nThe `expiration` property indicates that the provided credentials are temporary. \n\nPlease refer to our \"AWS CDK CLI Library\" guide for more information about custom credential plugins [4].\n\n## Impacted versions: \u003e=2.172.0 and \u003c2.178.2\n\n## Patches\n\nThe issue has been addressed in version 2.178.2 [5]. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. \n\n## Workarounds\n\nIf you are unable to upgrade to version 2.178.2 or later, you can downgrade to version 2.171.1. If you are unable to downgrade, but have access to the code of the credential plugin you use, you can remove the `expiration` property from the object returned by the plugin.\n\nFor example, change the code from returning this:\n\n```javascript\nreturn {\n accessKeyId: assumeRoleOutput.Credentials.AccessKeyId,\n secretAccessKey: assumeRoleOutput.Credentials.SecretAccessKey,\n sessionToken: assumeRoleOutput.Credentials.SessionToken,\n\n // Expiration indicates to the CLI that this is temporary\n expiration: assumeRoleOutput.Credentials.Expiration,\n};\n```\n\nTo return this:\n\n```javascript\nreturn {\n accessKeyId: assumeRoleOutput.Credentials.AccessKeyId,\n secretAccessKey: assumeRoleOutput.Credentials.SecretAccessKey,\n sessionToken: assumeRoleOutput.Credentials.SessionToken,\n};\n```\n\nNote that this will prevent the CDK CLI from refreshing the credentials when needed, and may cause your workflow to fail on an expired credentials error. \n\n## References\n\n[1] https://docs.aws.amazon.com/cdk/v2/guide/home.html\n\n[2] https://docs.aws.amazon.com/cdk/v2/guide/cli.html\n\n[3] https://docs.aws.amazon.com/cdk/v2/guide/cli.html#cli-config\n\n[4] https://www.npmjs.com/package/@aws-cdk/cli-plugin-contract\n\n[5] https://github.com/aws/aws-cdk/releases/tag/v2.178.2",
"id": "GHSA-v63m-x9r9-8gqp",
"modified": "2025-10-14T21:58:44Z",
"published": "2025-03-21T17:43:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2598"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-005"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-cdk"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-cdk/releases/tag/v2.178.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "AWS CDK CLI prints AWS credentials retrieved by custom credential plugins"
}
GHSA-V6CC-J2V5-W3JJ
Vulnerability from github – Published: 2024-01-19 21:30 – Updated: 2024-01-19 21:30An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
{
"affected": [],
"aliases": [
"CVE-2023-5081"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-19T20:15:12Z",
"severity": "LOW"
},
"details": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. ",
"id": "GHSA-v6cc-j2v5-w3jj",
"modified": "2024-01-19T21:30:35Z",
"published": "2024-01-19T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5081"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-142135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V8XJ-9MR9-JMPQ
Vulnerability from github – Published: 2025-12-18 06:30 – Updated: 2025-12-18 06:30Information disclosure while exposing internal TA-to-TA communication APIs to HLOS
{
"affected": [],
"aliases": [
"CVE-2025-47319"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T06:15:47Z",
"severity": "MODERATE"
},
"details": "Information disclosure while exposing internal TA-to-TA communication APIs to HLOS",
"id": "GHSA-v8xj-9mr9-jmpq",
"modified": "2025-12-18T06:30:13Z",
"published": "2025-12-18T06:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47319"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCFF-HH69-QFJW
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.
{
"affected": [],
"aliases": [
"CVE-2026-42660"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:16:55Z",
"severity": "MODERATE"
},
"details": "Subscriber Sensitive Data Exposure in Contest Gallery \u003c= 28.1.7 versions.",
"id": "GHSA-vcff-hh69-qfjw",
"modified": "2026-06-15T21:30:47Z",
"published": "2026-06-15T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42660"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-7-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VF32-GCPR-VGFQ
Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2024-02-12 21:30"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292."
{
"affected": [],
"aliases": [
"CVE-2022-38710"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-312",
"CWE-319",
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-03T20:15:00Z",
"severity": "MODERATE"
},
"details": "\"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292.\"",
"id": "GHSA-vf32-gcpr-vgfq",
"modified": "2024-02-12T21:30:54Z",
"published": "2022-11-04T12:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38710"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/234292"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6831681"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VF3W-MCMX-RX83
Vulnerability from github – Published: 2025-06-20 21:32 – Updated: 2025-06-20 21:32A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
{
"affected": [],
"aliases": [
"CVE-2025-5416"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-20T16:15:29Z",
"severity": "LOW"
},
"details": "A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.",
"id": "GHSA-vf3w-mcmx-rx83",
"modified": "2025-06-20T21:32:06Z",
"published": "2025-06-20T21:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5416"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-5416"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369601"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VGX7-RC5C-7CXW
Vulnerability from github – Published: 2024-04-17 00:30 – Updated: 2024-04-17 00:30IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.
{
"affected": [],
"aliases": [
"CVE-2024-31887"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-16T22:15:35Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.",
"id": "GHSA-vgx7-rc5c-7cxw",
"modified": "2024-04-17T00:30:57Z",
"published": "2024-04-17T00:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31887"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287651"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7148438"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VMH5-X928-7V6F
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
{
"affected": [],
"aliases": [
"CVE-2026-40796"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:16:52Z",
"severity": "MODERATE"
},
"details": "Subscriber Sensitive Data Exposure in WPPizza \u003c= 3.19.9 versions.",
"id": "GHSA-vmh5-x928-7v6f",
"modified": "2026-06-15T21:30:46Z",
"published": "2026-06-15T21:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40796"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wppizza/vulnerability/wordpress-wppizza-plugin-3-19-9-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location.
Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.