Variant · Draft

CWE-220: Storage of File With Sensitive Data Under FTP Root

Category: data-exposure

Description

The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.

Common consequences· 1

  • Confidentiality — Read Application Data

Potential mitigations· 2

  • [Implementation, System Configuration] Avoid storing information under the FTP root directory.
  • [System Configuration] Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.

References

  1. https://cwe.mitre.org/data/definitions/220.html

Compliance frameworks addressing this (incoming)· 1

Type | Target | Confidence | Tier
ComplianceControl | nis2-art21i | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Storage of File with Sensitive Data Under Web Root
  • CWE: Storage of Sensitive Data in a Mechanism without Access Control
  • CWE: Insecure Storage of Sensitive Information
  • CWE: Files or Directories Accessible to External Parties
  • CWE: Insertion of Sensitive Information into Externally-Accessible File or Directory
  • CWE: Insertion of Sensitive Information into Log File

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.