CWE-202 - Exposure of Sensitive Information Through Data Queries

CWE-202 Medium

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Exposure of Sensitive Information Through Data Queries

Description: When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.

Common Consequences: Scope: Confidentiality
Impact: Read Files or Directories, Read Application Data
Notes: Sensitive information may possibly be leaked through data queries accidentally.

Related Weaknesses: CWE-1230Exposure of Sensitive Information Through Metadata

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Free security scan for your website

Don't show website scan report rating on the leaderboard