CWE-202
Overview
- CWE ID
- 202
- CWE Name
- Exposure of Sensitive Information Through Data Queries
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Draft
Description
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
Extended Description
In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 1230 | 1000 | ChildOf | Primary |