Back to CWE list
CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
Base
Draft
Description
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Confidentiality
Impact
Read Files or Directories
Potential Mitigations
Architecture and Design
Operation
System Configuration
Do not expose file and directory information to the user.
CVE-2018-1999036SSH password for private key stored in build log
Applicable Platforms
Not Language-Specific
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now