CWE-214: Invocation of Process Using Visible Sensitive Information
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
Extended Description
Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the product or related resources.
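As an added illustration (not part of the CWE entry), the Python example below spawns a child process first with a constructed token on its command line and then with the token sent over a stdin pipe, and checks whether the token appears in /proc/<pid>/cmdline, the same data that ps displays. It assumes Linux with /proc mounted; the function names and the --password flag are hypothetical.

```python
import subprocess
import sys

SECRET = "constructed-demo-token-123"  # constructed sample value, not a real credential

# Child for the weak case: secret arrives in argv; it blocks on stdin so we can inspect it.
CHILD_ARGV = "import sys; sys.stdin.readline()"
# Child for the safer case: secret is read from stdin, then it blocks until released.
CHILD_STDIN = "import sys; secret = sys.stdin.readline().strip(); sys.stdin.readline()"


def visible_cmdline(pid):
    """Return a process's argv as exposed through /proc (Linux assumption)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return f.read().split(b"\0")


def secret_visible(pass_on_argv):
    """Spawn a child and report whether SECRET shows up in its process listing."""
    if pass_on_argv:
        # Weak: the secret becomes part of the argument vector (hypothetical flag).
        argv = [sys.executable, "-c", CHILD_ARGV, "--password", SECRET]
    else:
        # Safer: argv carries no secret; it is written to the child's stdin pipe.
        argv = [sys.executable, "-c", CHILD_STDIN]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if not pass_on_argv:
            proc.stdin.write((SECRET + "\n").encode())
            proc.stdin.flush()
        return SECRET.encode() in visible_cmdline(proc.pid)
    finally:
        proc.stdin.write(b"\n")  # release the blocked child
        proc.stdin.close()
        proc.wait()


if __name__ == "__main__":
    print("secret on argv visible in listing: ", secret_visible(True))
    print("secret via stdin visible in listing:", secret_visible(False))
```

The same check can be pointed at any launcher in a test suite to confirm that credentials never reach the argument vector.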
Common Consequences
Scope: Confidentiality
Technical Impact: Read Application Data
Observed Examples
Reference: CVE-2005-1387
password passed on command line
Reference: CVE-2005-2291
password passed on command line
Reference: CVE-2001-1565
username/password on command line allows local users to view via "ps" or other process listing programs
Reference: CVE-2004-1948
Username/password on command line allows local users to view via "ps" or other process listing programs.
Reference: CVE-1999-1270
PGP passphrase provided as command line argument.
Reference: CVE-2004-1058
Kernel race condition allows reading of environment variables of a process that is still spawning.
Reference: CVE-2021-32638
Code analysis product passes access tokens as a command-line parameter or through an environment variable, making them visible to other processes via the ps command.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Process information infoleak to other processes | - |
| Software Fault Patterns | SFP23 | Exposed Data | - |