CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Insertion of Sensitive Information into Externally-Accessible File or Directory
Description
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Common Consequences
Scope: Confidentiality
Impact: Read Files or Directories
Related Weaknesses
CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh
Related Alerts
Hidden File FoundMedium