This weakness describes intentional or unintentional disclosure of information that is considered sensitive. First of all it affects confidentiality of data.
The information is considered sensitive when:
It is sensitive within the product functionality (e.g. information with restricted access, private messages, etc.)
It contains data about the product itself, its environment or the related system that is not intended be disclosed by the application.
The vulnerability is introduced during Architecture and Design, Implementation stages.
Latest vulnerabilities for CWE-200
Description of CWE-200 on Mitre website