Base · Incomplete

CWE-214: Invocation of Process Using Visible Sensitive Information

Category: data-exposure

Description

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system. Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the product or related resources.
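The exposure described above, shown on Linux as an added example that is not part of the CWE entry: the same secret is handed to a child process once as a command-line argument and once over a stdin pipe, and the argument list is then read back from `/proc/<pid>/cmdline`, where process-listing tools get it. The secret value, the `--password` flag and the child program are constructed for the demonstration, and a Linux `/proc` filesystem is assumed.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "constructed-demo-secret"      # constructed sample value, not a real credential
CHILD = "import sys; sys.stdin.read()"  # hypothetical child: blocks until stdin is closed


def visible_cmdline(pid):
    """Return a process's argv as exposed through /proc (assumes Linux)."""
    raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def run_and_observe(secret_in_argv):
    """Start the child, pass it the secret, and return its visible argv."""
    argv = [sys.executable, "-c", CHILD]
    if secret_in_argv:
        # Weak: the secret becomes part of the process's argument list.
        argv.append(f"--password={SECRET}")
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if not secret_in_argv:
            # Hardened: the secret travels over a pipe private to parent and child.
            proc.stdin.write(SECRET.encode())
            proc.stdin.flush()
        return visible_cmdline(proc.pid)
    finally:
        proc.stdin.close()  # EOF lets the child exit
        proc.wait()


def leaks(cmdline):
    """True if the secret appears anywhere in the visible argument list."""
    return any(SECRET in arg for arg in cmdline)


if __name__ == "__main__":
    for label, in_argv in (("argv", True), ("stdin", False)):
        seen = run_and_observe(in_argv)
        print(f"{label:5} leaked={leaks(seen)} cmdline={seen}")
```
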

Common consequences

  • Confidentiality — Read Application Data

References

  1. https://cwe.mitre.org/data/definitions/214.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Process Control
  • CWE: External Control of System or Configuration Setting
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
  • CWE: External Initialization of Trusted Variables or Data Stores
  • CWE: Exposure of Sensitive Information Due to Incompatible Policies

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.