CWE-219 – Storage of File with Sensitive Data Under Web Root
Description The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. Besides public-facing...
CWE-218 – DEPRECATED: Failure to provide confidentiality for stored data
Description This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493. Modes of Introduction: ...
CWE-217 – DEPRECATED: Failure to Protect Stored Data from Modification
Description This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766...
CWE-216 – DEPRECATED: Containment Errors (Container Errors)
Description This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name...
CWE-215 – Insertion of Sensitive Information Into Debugging Code
Description The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging,...
CWE-214 – Invocation of Process Using Visible Sensitive Information
Description A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system....
CWE-213 – Exposure of Sensitive Information Due to Incompatible Policies
Description The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according...
CWE-212 – Improper Removal of Sensitive Information Before Storage or Transfer
Description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes...
CWE-211 – Externally-Generated Error Message Containing Sensitive Information
Description The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such...
CWE-210 – Self-generated Error Message Containing Sensitive Information
Description The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information. Modes of Introduction: - Architecture and...
