CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
Base
What it is
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Impact
| Scope | Impact |
| --- | --- |
| Confidentiality | Read Files or Directories |
Mitigations
- [Architecture and Design, Operation, System Configuration] Do not expose file and directory information to the user.
Real-world CVE examples
- CVE-2018-1999036 — SSH password for private key stored in build log
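The following added example, not taken from MITRE or from any affected product, shows one way to keep a secret out of a build log that other users can read: a writer that masks registered secret values and secret-looking assignments before they reach the file, plus an audit pass over an existing log. The passphrase, script name, key-name pattern and log lines are constructed assumptions.

```python
import io
import re

MASK = "****"
# Assumption: key names whose value after '=' or ':' is treated as sensitive.
ASSIGNMENT = re.compile(
    r"(?i)([\w.-]*(?:pass(?:word|phrase)?|secret|token|api[_-]?key)\w*\s*[=:]\s*)"
    r"(?!\*{4})(\S+)"  # skip values that are already masked
)

def scrub(line, known_secrets=()):
    """Mask registered secret values, then key=value pairs; return (line, hits)."""
    hits = 0
    # Longest first so a secret that contains another is masked whole.
    for secret in sorted(filter(None, known_secrets), key=len, reverse=True):
        hits += line.count(secret)
        line = line.replace(secret, MASK)
    line, n = ASSIGNMENT.subn(lambda m: m.group(1) + MASK, line)
    return line, hits + n

class RedactingLog:
    """File-like wrapper that scrubs every line before it reaches the log."""
    def __init__(self, stream, known_secrets=()):
        self.stream, self.known, self.redactions = stream, tuple(known_secrets), 0

    def write(self, text):
        for line in text.splitlines(keepends=True):
            clean, hits = scrub(line, self.known)
            self.redactions += hits
            self.stream.write(clean)
        return len(text)

def audit(log_text, known_secrets=()):
    """Return 1-based line numbers of an existing log that still hold secrets."""
    return [i for i, line in enumerate(log_text.splitlines(), 1)
            if scrub(line, known_secrets)[1]]

# Constructed sample: passphrase, script name and log lines are made up.
PASSPHRASE = "corr3ct-h0rse"
RAW = (
    "[build] loading private key deploy_key\n"
    f"[build] SSH_PASSPHRASE={PASSPHRASE}\n"
    f"+ ./unlock-key.sh {PASSPHRASE}\n"
    "build finished: SUCCESS\n"
)

def demo():
    sink = io.StringIO()
    log = RedactingLog(sink, known_secrets=[PASSPHRASE])
    log.write(RAW)
    return sink.getvalue(), log.redactions
```

Without the registered value, the audit only flags the assignment line and misses the passphrase passed as a bare argument, which is why the secret itself should be registered with the log writer. The wrapper assumes each secret arrives within a single line of one `write()` call.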
Source: MITRE CWE. View on cwe.mitre.org →