366 – Inappropriate coding practices - Transparency Conflict
Description
The application uses Transparency attributes such as SecurityCriticalAttribute and SecuritySafeCriticalAttribute to identify code that performs critical security operations. However a transparency conflict is created when a member is marked with a security attribute that has a different transparency than the security attribute of a container of the member.
Impact
Cause unexpected behaviors in the application.
Recommendation
Remove nested transparency annotation to avoid security attributes conflicts.
Threat
Anonymous attacker from Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): N
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: U