Leakage of sensitive data in exception message

Overview

Rule ID: java_lang_exception
Applicable Languages: Java
Weakness ID: CWE-210

Description

Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.

Remediation Guidelines

Avoid including sensitive data in exception messages to prevent inadvertent exposure of private information.
```
throw new Exception("error for " + user.email);
```
Use non-sensitive, unique identifiers in exception messages to avoid revealing personal identifiable information (PII).
```
throw new Exception("error for " + user.id);
```

References

Configuration

PreviousLeakage of sensitive data in cookie NextLeakage of sensitive data to Airbrake

Last updated 8 months ago