Base · Draft

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

Category: data-exposure

Description

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

Common consequences · 1

  • Confidentiality — Read Files or Directories

Potential mitigations · 1

  • [Architecture and Design, Operation, System Configuration] Do not expose file and directory information to the user.

Related CAPEC attack patterns · 1

CAPEC-95

References

  1. https://cwe.mitre.org/data/definitions/538.html

Exploits (incoming) · 1

Type           Target                    Confidence  Tier
AttackPattern  WSDL Scanning (capec-95)  100%        live

(incoming) · 4

Type           Target                           Confidence  Tier
Vulnerability  CVE-2025-11079 (cve-2025-11079)  0%          live
Vulnerability  CVE-2025-12059 (cve-2025-12059)  0%          live
Vulnerability  CVE-2026-21672 (cve-2026-21672)  0%          live
Vulnerability  CVE-2026-27173 (cve-2026-27173)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Files or Directories Accessible to External Parties
  • CWE: Insertion of Sensitive Information into Log File
  • CWE: Storage of Sensitive Data in a Mechanism without Access Control
  • CWE: Cleartext Storage of Sensitive Information
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Insecure Storage of Sensitive Information

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.