CWE-612
Overview
- CWE ID
- 612
- CWE Name
- Improper Authorization of Index Containing Sensitive Information
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Draft
Description
The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.
Extended Description
Web sites and other document repositories may apply an indexing routine against a group of private documents to facilitate search. If the index's results are available to parties who do not have access to the documents being indexed, then attackers could
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 1230 | 1000 | ChildOf | Primary |