CWE-538β€”Insertion of Sensitive Information into Externally-Accessible File or Directory

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-538
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Insertion of Sensitive Information into Externally-Accessible File or Directory

Description

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

Common Consequences

Scope:
Confidentiality
Impact:
Read Files or Directories

Related Weaknesses

Related Alerts