Exposure of Sensitive Information to an Unauthorized Actor
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The application is configured to show detailed error or exception reports to users. This exposes internal system information, such as file paths, code snippets, or environment details, which should remain confidential.
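An added example, not part of the original rule page: a minimal Python WSGI sketch showing the weak setting beside a corrected one that logs the detail server-side and returns only a reference ID. The language, the `verbose_errors` and `safe_errors` names, and the failing handler are assumptions for illustration.

```python
import io
import logging
import traceback
import uuid

log_buffer = io.StringIO()  # stands in for a server-side log sink
logger = logging.getLogger("app.errors")
logger.setLevel(logging.ERROR)
logger.addHandler(logging.StreamHandler(log_buffer))
logger.propagate = False


def app(environ, start_response):
    # Constructed failure: the message carries an internal path and host name.
    raise RuntimeError("cannot open /srv/app/config/db.yml on host db-internal-01")


def verbose_errors(wrapped):
    """Weak setting: the full traceback is returned to the client."""
    def middleware(environ, start_response):
        try:
            return wrapped(environ, start_response)
        except Exception:
            body = traceback.format_exc().encode()
            start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
            return [body]
    return middleware


def safe_errors(wrapped):
    """Corrected setting: detail goes to the log, the client gets a reference ID."""
    def middleware(environ, start_response):
        try:
            return wrapped(environ, start_response)
        except Exception:
            error_id = uuid.uuid4().hex
            logger.error("error_id=%s path=%s\n%s", error_id,
                         environ.get("PATH_INFO", ""), traceback.format_exc())
            body = f"Internal error. Reference: {error_id}\n".encode()
            start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
            return [body]
    return middleware


def call(wsgi_app, path="/report"):
    """Invoke a WSGI app with a minimal constructed environ; return (status, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    chunks = wsgi_app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response)
    return seen["status"], b"".join(chunks).decode()
```

The reference ID lets support staff find the matching log entry without the response revealing anything about the failure.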
Impact
If an attacker encounters an error, they could view sensitive system or code information, making it easier to find and exploit vulnerabilities. This exposure increases the risk of targeted attacks, data leaks, or unauthorized access to the application’s internal workings.