How severe is CVE-2020-15125?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2020-15125?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2020-15125

HIGH Year: 2020

CVSS v3 Score

7.7

High

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-209

View all →

Vulnerability Description

In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0's management API

CVE-2024-11625

HIGH

CVSS:7.7(High)

Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, fro...

CWE-2092024

CVE-2025-22218

HIGH

CVSS:7.7(High)

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated ...

CWE-2092025

CVE-2022-22162

HIGH

CVSS:7.8(High)

A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the...

CWE-2092022

CVE-2015-10012

HIGH

CVSS:7.5(High)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the f...

CWE-2092015

CVE-2017-16629

HIGH

CVSS:7.5(High)

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an ...

CWE-2092017

CVE-2017-2594

HIGH

CVSS:7.5(High)

hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this ...

CWE-2092017

CVE-2020-15125

Vulnerability Description

Related Vulnerabilities

CVE-2024-11625

CVE-2025-22218

CVE-2022-22162

CVE-2015-10012

CVE-2017-16629

CVE-2017-2594