CWE-202 - Exposure of Sensitive Information Through Data Queries
CWE-202 Medium
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Exposure of Sensitive Information Through Data Queries
- Description
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.
- Common Consequences
Scope: Confidentiality
Impact: Read Files or Directories, Read Application Data
Notes: Sensitive information may possibly be leaked through data queries accidentally.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-10-26
Free security scan for your website