CWE-1230 (Exposure of Sensitive Information Through Metadata) describes a weakness type used in various vulnerability databases and assessments. See the sections below for the definition, background, and mapped CVEs.
The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.
| Type | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| operating_system | — | Not OS-Specific | Undetermined | — |
| architecture | — | Not Architecture-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and are retained for tracking and search.

| CVE | Published | Summary |
|---|---|---|
| CVE-2025-59601 | 2026-06-01 | Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration. |
| CVE-2026-45544 | 2026-06-01 | Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. Thi… |
| CVE-2026-49270 | 2026-06-01 | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurable… |
| CVE-2025-31959 | 2026-05-06 | HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintention… |
| CVE-2026-29055 | 2026-03-26 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF … |
| CVE-2026-27661 | 2026-03-10 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributor… |
| CVE-2025-13084 | 2025-11-26 | The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for a… |
| CVE-2025-30038 | 2025-08-27 | The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata i… |
| CVE-2025-8713 | 2025-08-14 | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intend… |
| CVE-2025-47324 | 2025-08-06 | Information disclosure while accessing and modifying the PIB file of a remote device via powerline. |
| CVE-2023-50458 | 2025-07-10 | In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs. |
| CVE-2025-48941 | 2025-06-02 | MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, … |
| CVE-2025-0330 | 2025-03-20 | In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive informati… |
| CVE-2024-9447 | 2025-03-20 | An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticat… |
| CVE-2024-9099 | 2025-03-20 | In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This… |
| CVE-2025-1921 | 2025-03-04 | Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security seve… |
| CVE-2025-26527 | 2025-02-24 | Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. |
| CVE-2024-10324 | 2025-01-24 | The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-… |
| CVE-2024-47517 | 2025-01-10 | Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access |
| CVE-2024-53291 | 2024-12-25 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships, Time_of_Introduction |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Common_Consequences, Weakness_Ordinalities |