CWE

Information Exposure Through Environmental Variables

ID: 526		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

Environmental variables may contain sensitive information about a remote server.

Applicable Platforms
None

Time Of Introduction

• Architecture and Design
• Implementation
• Operation

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design		Protect information stored in environment variable from being exposed to the user.

Relationships

Related CWE	Type	View	Chain
CWE-526 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None