CWE-213: Exposure of Sensitive Information Due to Incompatible Policies
ID
CWE-213
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
18
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
When handling information, the developer must consider whether the information is regarded as sensitive by different stakeholders, such as users or administrators. Each stakeholder effectively has its own intended security policy that the product is expected to uphold. When a developer does not treat that information as sensitive, this can introduce a vulnerability that violates the expectations of the product's users.
Modes of Introduction
Phase | Note |
---|---|
Policy | This can occur when the product's policy does not account for all relevant stakeholders, or when the policies of other stakeholders are not interpreted properly. |
Requirements | This can occur when requirements do not explicitly account for all relevant stakeholders. |
Architecture and Design | Communications or data exchange frameworks may be chosen that exchange or provide access to more information than strictly needed. |
Implementation | This can occur when the developer does not properly track the flow of sensitive information and how it is exposed, e.g., via an API. |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...