CWE-767: Access to Critical Private Variable via Public Method

Base Incomplete Simple

CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The product defines a public method that reads or modifies a private variable.

Extended Description

If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.

Common Consequences

Scope: Integrity, Other

Technical Impact: Modify Application Data, Other

Potential Mitigations

Phase: Implementation

Description: Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
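The following C++ sketch is an added example, not part of the CWE entry: it places a public mutator that exposes a critical private variable beside a version that applies the validation and access control described above. The class names, the `Caller` type, the credit-limit field and the policy bound are all hypothetical.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>

// Constructed caller identity used for the access-control decision (assumption).
struct Caller {
    std::string name;
    bool is_admin;
};

// Weak form: the field is private, yet the public mutator lets any caller
// store any value, so other code can no longer rely on its invariants.
class WeakAccount {
    long credit_limit_cents_ = 50000;  // critical private variable
public:
    void setCreditLimit(long v) { credit_limit_cents_ = v; }
    long creditLimit() const { return credit_limit_cents_; }
};

// Hardened form: the mutator checks who is calling and validates the value
// before it changes state.
class HardenedAccount {
    static constexpr long kMaxLimitCents = 1000000;  // assumed policy bound
    long credit_limit_cents_ = 50000;
public:
    void setCreditLimit(const Caller& who, long v) {
        if (!who.is_admin)
            throw std::runtime_error("caller not authorized");
        if (v < 0 || v > kMaxLimitCents)
            throw std::out_of_range("credit limit outside policy");
        credit_limit_cents_ = v;
    }
    long creditLimit() const { return credit_limit_cents_; }
};

// True when the hardened setter refuses the call and leaves state unchanged.
bool rejected(HardenedAccount& a, const Caller& who, long v) {
    const long before = a.creditLimit();
    try { a.setCreditLimit(who, v); }
    catch (const std::exception&) { return a.creditLimit() == before; }
    return false;
}

int main() {
    WeakAccount w;
    w.setCreditLimit(-1);  // accepted: the invariant is silently broken
    HardenedAccount h;
    Caller guest{"guest", false};
    std::printf("weak=%ld rejected=%d\n", w.creditLimit(), rejected(h, guest, -1));
}
```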

Modes of Introduction

| Phase | Note |
| --- | --- |
| Implementation | - |

Applicable Platforms

Programming Languages
C++ (Undetermined), C# (Undetermined), Java (Undetermined)

Taxonomy Mappings

| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
| --- | --- | --- | --- |
| CLASP | - | Failure to protect stored data from modification | - |
| Software Fault Patterns | SFP23 | Exposed Data | - |
| SEI CERT Perl Coding Standard | OOP31-PL | Do not access private variables or subroutines in other packages | Imprecise |

Key Information

CWE ID: CWE-767

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses