SYM_RB_0042 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Sensitive Information to an Unauthorized Actor
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The application is configured to show detailed error or exception reports to users. This exposes internal system information, such as file paths, code snippets, or environment details, which should remain confidential.
Impact
If an attacker encounters an error, they could view sensitive system or code information, making it easier to find and exploit vulnerabilities. This exposure increases the risk of targeted attacks, data leaks, or unauthorized access to the application's internal workings.
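The following is an added example, not code from this database entry or from any project it describes. It shows an error handler that renders exception details to the client next to one that returns a fixed message and keeps the details in the server log. Ruby and the Rack-style `call(env)` convention are assumptions (the Language field above is empty), and `FAILING_APP`, `VerboseErrors`, `GenericErrors`, `demo` and the file path are constructed for illustration.

```ruby
require "logger"
require "securerandom"
require "stringio"

# Constructed Rack-style app that fails with an internal detail in the message.
FAILING_APP = lambda do |_env|
  raise IOError, "cannot read /srv/app/config/secrets.yml (constructed path)"
end

# Weak: renders the exception class, message and backtrace to the client.
class VerboseErrors
  def initialize(app)
    @app = app
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    body = "#{e.class}: #{e.message}\n#{e.backtrace.join("\n")}"
    [500, { "content-type" => "text/plain" }, [body]]
  end
end

# Hardened: the client gets a fixed message plus an opaque incident id;
# the full detail goes only to the server-side log under the same id.
class GenericErrors
  def initialize(app, logger)
    @app = app
    @logger = logger
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    id = SecureRandom.hex(8)
    @logger.error("incident=#{id} #{e.class}: #{e.message}\n#{e.backtrace.first(5).join("\n")}")
    [500, { "content-type" => "text/plain" }, ["Internal Server Error (incident #{id})"]]
  end
end

# Runs both wrappers over the failing app; returns [weak_body, safe_body, log_text].
def demo
  log = StringIO.new
  weak = VerboseErrors.new(FAILING_APP).call({})
  safe = GenericErrors.new(FAILING_APP, Logger.new(log)).call({})
  [weak[2].join, safe[2].join, log.string]
end

puts demo.first(2) if __FILE__ == $PROGRAM_NAME
```

The incident id lets support staff find the full exception in the log without the response carrying any path, class name or stack frame.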