CVE-2020-14337

MEDIUM Year: 2020
CVSS v3 Score
5.8
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-209
View all →

Vulnerability Description

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.

Related Vulnerabilities

CVE-2025-0941

MEDIUM
CVSS:5.8(Medium)

MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store credentials in plain text within the system. This data is not available to unauthenticated users.

CWE-2092025

CVE-2025-46746

MEDIUM
CVSS:5.8(Medium)

An administrator could discover another account's credentials.

CWE-2092025

CVE-2023-6944

MEDIUM
CVSS:5.7(Medium)

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the s...

CWE-2092023

CVE-2024-23945

MEDIUM
CVSS:5.9(Medium)

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying th...

CWE-2092024

CVE-2020-25778

MEDIUM
CVSS:6.0(Medium)

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must firs...

CWE-2092020

CVE-2016-9459

MEDIUM
CVSS:6.1(Medium)

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is ...

CWE-2092016