CWE-200

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.

GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students’ submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user’s detail object in the whoAmI diagnostic page.

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.

BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.