234 – Technical information leak - Stacktrace

Description

Errors or exceptional events are not properly handled by the application allowing an attacker to disclose technical information from system error traces:

Impact

Exhibit technical information of the system.

Recommendation

- Remove functions that print technical information such as PrintStacktrace from the source code - Handle errors with typified exceptions and store them in duly protected logs

Threat

Internal attacker with access to the server console.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 077 - Avoid disclosing technical information
• 176 - Restrict system objects

Fixes

• Csharp
• Dart
• Go
• Java
• Kotlin
• Ruby
• Scala

Last updated

2024/02/16