CWE-201 - Insertion of Sensitive Information Into Sent Data

  • 摘要:Base
  • 结构:Simple
  • 状态:Draft
  • 发布日期:2006-07-19
  • 更新日期:2026-04-30

名称

Insertion of Sensitive Information Into Sent Data

描述

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

常见后果

范围:Confidentiality

影响:Read Files or Directories, Read Memory, Read Application Data

注释:Sensitive data may be exposed to attackers.

相关 CWE

CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh

CWE-202Exposure of Sensitive Information Through Data QueriesMedium

CWE-209Generation of Error Message Containing Sensitive InformationHigh

相关警报

Big Redirect Detected (Potential Sensitive Information Leak)Low

Multiple HREFs Redirect Detected (Potential Sensitive Information Leak)Low