CWE-1230: Exposure of Sensitive Information Through Metadata

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.

引入模式

阶段 说明
Architecture and Design -

适用平台

编程语言
Not Language-Specific (Undetermined)
操作系统
Not OS-Specific (Undetermined)
关键信息

CWE ID: CWE-1230

抽象级别: Base

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-285

Improper Authorization

Class
返回列表