CWE-202

Exposure of Sensitive Information Through Data Queries

AI Translation Available

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

Status

draft

Abstraction

base

Likelihood

medium

Affected Platforms

Extended Description

AI Translation

In situations where data should not be tied to individual users, but a large number of users should be able to make queries that 'scrub' the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.

Technical Details

AI Translation

Common Consequences

confidentiality

Impacts

read files or directories read application data

Potential Mitigations

Phases:

architecture and design

Descriptions:

• This is a complex topic. See the [REF-1492] for a good discussion of best practices.

AI Generated Translation

Common Consequences

riservatezza

Impacts

leggere file o directory leggere dati applicazione

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Questo è un argomento complesso. Consulta il [REF-1492] per una buona discussione sulle best practice.

CWE-202

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter