CWE-922
Allowed-with-ReviewInsecure Storage of Sensitive Information
Abstraction: Class · Status: Incomplete
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
437 vulnerabilities reference this CWE, most recent first.
GHSA-PQ42-5FQR-W8CX
Vulnerability from github – Published: 2024-11-26 12:41 – Updated: 2024-11-26 12:41The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
{
"affected": [],
"aliases": [
"CVE-2024-8899"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T11:22:09Z",
"severity": "MODERATE"
},
"details": "The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.",
"id": "GHSA-pq42-5fqr-w8cx",
"modified": "2024-11-26T12:41:37Z",
"published": "2024-11-26T12:41:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8899"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3193980/jeg-elementor-kit"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4efc9c47-321a-4635-943f-785ffc34d851?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PRW5-VH65-6497
Vulnerability from github – Published: 2022-09-13 00:00 – Updated: 2022-09-16 00:00Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.
{
"affected": [],
"aliases": [
"CVE-2022-37835"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-12T12:15:00Z",
"severity": "HIGH"
},
"details": "Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.",
"id": "GHSA-prw5-vh65-6497",
"modified": "2022-09-16T00:00:40Z",
"published": "2022-09-13T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37835"
},
{
"type": "WEB",
"url": "https://almorabea.net/cves/torguard.html"
},
{
"type": "WEB",
"url": "https://torguard.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PVGW-2QH3-CJ63
Vulnerability from github – Published: 2024-02-21 09:31 – Updated: 2025-11-04 21:31A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
{
"affected": [],
"aliases": [
"CVE-2023-42878"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-21T07:15:50Z",
"severity": "MODERATE"
},
"details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.",
"id": "GHSA-pvgw-2qh3-cj63",
"modified": "2025-11-04T21:31:11Z",
"published": "2024-02-21T09:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42878"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213988"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213988"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q2V2-27XW-WHH5
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.
{
"affected": [],
"aliases": [
"CVE-2021-27170"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-10T19:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.",
"id": "GHSA-q2v2-27xw-whh5",
"modified": "2022-05-24T17:41:51Z",
"published": "2022-05-24T17:41:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27170"
},
{
"type": "WEB",
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#insecure-ipv6"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q4HF-CJ39-2G9P
Vulnerability from github – Published: 2024-10-29 00:31 – Updated: 2026-04-02 21:32An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.
{
"affected": [],
"aliases": [
"CVE-2024-44216"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T22:15:02Z",
"severity": "MODERATE"
},
"details": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to access user-sensitive data.",
"id": "GHSA-q4hf-cj39-2g9p",
"modified": "2026-04-02T21:32:00Z",
"published": "2024-10-29T00:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44216"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121564"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121568"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121570"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/12"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Oct/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q63W-G4HG-GVCW
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
{
"affected": [],
"aliases": [
"CVE-2022-41320"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T05:15:00Z",
"severity": "MODERATE"
},
"details": "Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.",
"id": "GHSA-q63w-g4hg-gvcw",
"modified": "2022-09-27T00:00:20Z",
"published": "2022-09-25T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41320"
},
{
"type": "WEB",
"url": "https://www.veritas.com/content/support/en_US/security/VTS21-002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6JH-8FJM-G6WR
Vulnerability from github – Published: 2023-12-29 03:30 – Updated: 2024-10-29 21:30Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak
{
"affected": [],
"aliases": [
"CVE-2023-23437"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T03:15:10Z",
"severity": "LOW"
},
"details": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak\n\n",
"id": "GHSA-q6jh-8fjm-g6wr",
"modified": "2024-10-29T21:30:44Z",
"published": "2023-12-29T03:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23437"
},
{
"type": "WEB",
"url": "https://www.hihonor.com/global/security/cve-2023-23437"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6XQ-FWHH-M47H
Vulnerability from github – Published: 2023-05-08 21:31 – Updated: 2024-04-04 03:51A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data
{
"affected": [],
"aliases": [
"CVE-2023-23542"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-08T20:15:16Z",
"severity": "MODERATE"
},
"details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data",
"id": "GHSA-q6xq-fwhh-m47h",
"modified": "2024-04-04T03:51:34Z",
"published": "2023-05-08T21:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23542"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213670"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213675"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213677"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q7MG-8RWJ-GMWQ
Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2024-11-08 15:31An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
{
"affected": [],
"aliases": [
"CVE-2024-48783"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T21:15:11Z",
"severity": "HIGH"
},
"details": "An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.",
"id": "GHSA-q7mg-8rwj-gmwq",
"modified": "2024-11-08T15:31:11Z",
"published": "2024-10-15T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48783"
},
{
"type": "WEB",
"url": "https://gist.github.com/zty-1995/8495b81e8d257e8f6df102a32ec3c583"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q929-CPV5-C2HF
Vulnerability from github – Published: 2023-02-03 18:30 – Updated: 2023-02-10 03:30Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
{
"affected": [],
"aliases": [
"CVE-2021-36546"
],
"database_specific": {
"cwe_ids": [
"CWE-922"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-03T18:15:00Z",
"severity": "HIGH"
},
"details": "Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.",
"id": "GHSA-q929-cpv5-c2hf",
"modified": "2023-02-10T03:30:20Z",
"published": "2023-02-03T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36546"
},
{
"type": "WEB",
"url": "https://github.com/Kitesky/KiteCMS/issues/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.