CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
AI Translation Available
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Status
draft
Abstraction
base
Affected Platforms
Technical Details
AI Translation
Common Consequences
confidentiality
Impacts
read files or directories
Detection Methods
automated static analysis
Potential Mitigations
Phases:
architecture and design
operation
system configuration
Descriptions:
•
Do not expose file and directory information to the user.