Insertion of Sensitive Information Into Sent Data ('Information Leakage') [VID:187] #239
Labels
Veracode Policy Scan
A Veracode Flaw found during a Policy or Sandbox Scan
VeracodeFlaw: Low
A Veracode Flaw, Low severity
Comments
github-actions
bot
added
Veracode Policy Scan
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Filename: BlabController.java
Line: 258
CWE: 201 (Insertion of Sensitive Information Into Sent Data ('Information Leakage'))
The application calls the processFeed() function, which will result in data being transferred out of the application (via the network or another medium). This data contains sensitive information. The potentially sensitive data originated from an earlier call to java.lang.System.getenv. Ensure that the transfer of the sensitive data is intended and that it does not violate application security policy. This flaw is categorized as low severity because it only impacts confidentiality, not integrity or availability. However, in the context of a mobile application, the significance of an information leak may be much greater, especially if misaligned with user expectations or data privacy policies. References: CWE OWASP Security Misconfiguration OWASP Cryptographic Failures
The text was updated successfully, but these errors were encountered: