BaseIncomplete

CWE-767Access to Critical Private Variable via Public Method

Category: other

Description

The product defines a public method that reads or modifies a private variable. If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.

Common consequences· 1

  • Integrity / Other — Modify Application Data, Other

Potential mitigations· 1

  • [Implementation]Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.

References

  1. https://cwe.mitre.org/data/definitions/767.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Exposed Dangerous Method or Function
CWE
Critical Public Variable Without Final Modifier
CWE
Private Data Structure Returned From A Public Method
CWE
Incorrect Use of Privileged APIs
CWE
Use of Potentially Dangerous Function
CWE
Exposure of Sensitive Information to an Unauthorized Actor
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.