Base | Incomplete

CWE-766: Critical Data Element Declared Public

Category: other

Description

The product declares a critical variable, field, or member to be public when intended security policy requires it to be private.

Common consequences

  • Integrity / Confidentiality — Read Application Data, Modify Application Data
    Making a critical variable public allows anyone with access to the object in which the variable is contained to alter or read the value.
  • Other — Reduce Maintainability

Potential mitigations

  • [Implementation] Data should be private, static, and final whenever possible. This ensures that your code is protected by instantiating early, preventing access, and preventing tampering.
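The weakness and the mitigation side by side, as an added example that is not taken from the CWE entry or from MITRE; the class and field names (`CartItemWeak`, `CartItem`, `unitPrice`) are hypothetical and the values are constructed:

```java
import java.math.BigDecimal;

// Constructed illustration of CWE-766; all class and field names are hypothetical.

// Weak: the price that checkout trusts is a public, mutable field.
class CartItemWeak {
    public BigDecimal unitPrice;
    public int quantity;

    CartItemWeak(BigDecimal unitPrice, int quantity) {
        this.unitPrice = unitPrice;
        this.quantity = quantity;
    }

    BigDecimal total() { return unitPrice.multiply(BigDecimal.valueOf(quantity)); }
}

// Hardened: fields are private and final, validated once in the constructor,
// and exposed read-only. BigDecimal is immutable, so the getter leaks no handle.
final class CartItem {
    private static final BigDecimal MIN_PRICE = BigDecimal.ZERO;
    private final BigDecimal unitPrice;
    private final int quantity;

    CartItem(BigDecimal unitPrice, int quantity) {
        if (unitPrice == null || unitPrice.compareTo(MIN_PRICE) < 0 || quantity < 1) {
            throw new IllegalArgumentException("invalid price or quantity");
        }
        this.unitPrice = unitPrice;
        this.quantity = quantity;
    }

    BigDecimal getUnitPrice() { return unitPrice; }
    BigDecimal total() { return unitPrice.multiply(BigDecimal.valueOf(quantity)); }
}

public class PublicFieldDemo {
    public static void main(String[] args) {
        CartItemWeak weak = new CartItemWeak(new BigDecimal("49.99"), 2);
        // Any code holding the reference can overwrite the value with no validation.
        weak.unitPrice = new BigDecimal("-49.99");
        System.out.println("weak total:     " + weak.total());

        CartItem item = new CartItem(new BigDecimal("49.99"), 2);
        // item.unitPrice = BigDecimal.ZERO;  // rejected by the compiler: private and final
        System.out.println("hardened total: " + item.total());
    }
}
```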

References

  1. https://cwe.mitre.org/data/definitions/766.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Access to Critical Private Variable via Public Method
  • CWE: Private Data Structure Returned From A Public Method
  • CWE: Critical Public Variable Without Final Modifier
  • CWE: Insufficient Encapsulation
  • CWE: Generation of Error Message Containing Sensitive Information
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.