> There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component.
Quote from the CVSS specification
Vulnerabilities with this tag were given a CVSS rating as part of the
requirement to be included into the [National Vulnerability
Database](https://nvd.nist.gov/). You can learn more about what the individual
scores mean in the [CVSS specification