CWE-202 Detail

CWE-202

Exposure of Sensitive Information Through Data Queries
Medium
Draft
2006-07-19
00h00 +00:00
2023-10-26
00h00 +00:00
CWE Mitre.org
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

CWE Description

In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.

General Informations

Modes Of Introduction

Architecture and Design
Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
ConfidentialityRead Files or Directories, Read Application Data

Note: Sensitive information may possibly be leaked through data queries accidentally.

Observed Examples

References Description

CVE-2022-41935

Wiki product allows an adversary to discover filenames via a series of queries starting with one letter and then iteratively extending the match.

Potential Mitigations

Phases : Architecture and Design
This is a complex topic. See the book Translucent Databases for a good discussion of best practices.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

NotesNotes

The relationship between CWE-202 and CWE-612 needs to be investigated more closely, as they may be different descriptions of the same kind of problem. CWE-202 is also being considered for deprecation, as it is not clearly described and may have been misunderstood by CWE users. It could be argued that this issue is better covered by CAPEC; an attacker can utilize their data-query privileges to perform this kind of operation, and if the attacker should not be allowed to perform the operation - or if the sensitive data should not have been made accessible at all - then that is more appropriately classified as a separate CWE related to authorization (see the parent, CWE-1230).


References

REF-18

The CLASP Application Security Process
Secure Software, Inc..
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf

Submission

Name Organization Date Date release Version
CLASP 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Name Organization Date Comment
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Common_Consequences, Description, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2011-03-29 +00:00 updated Name
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2013-02-21 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships
CWE Content Team MITRE 2017-05-03 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2020-02-24 +00:00 updated Maintenance_Notes, Name, References, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Type
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples