logo

Database

Business information leak - Customers or providers

Description

Sensitive information such as customer or providers lists, emails, phone numbers or identifiers can be obtained from the application.

Impact

Obtain sensitive information to craft new attack vectors.

Recommendation

Implement security controls to ensure that the leaked information can be accessed only by authenticated and authorized users.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

176 - Restrict system objects177 - Avoid caching and temporary files261 - Avoid exposing sensitive information300 - Mask sensitive data

Fixes

CsharpElixirGoJavaPhpPythonScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

L

Attack complexity

H

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

H

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

N

Integrity (SI)

N

Availability (SA)

N

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N