Base · Draft

CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

Category: data-exposure

Description

The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.

Common consequences

  • Confidentiality — Read Application Data

References

  1. https://cwe.mitre.org/data/definitions/213.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE: Exposure of Resource to Wrong Sphere
  • CWE: Improper Access Control
  • CWE: Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE: External Control of Critical State Data

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.