Filename: UserController.java
Line: 442
CWE: 201 (Insertion of Sensitive Information Into Sent Data ('Information Leakage'))
The application calls the showProfile() function, which will result in data being transferred out of the application (via the network or another medium). This data contains sensitive information. The potentially sensitive data originated from an earlier call to java.lang.System.getenv. Ensure that the transfer of the sensitive data is intended and that it does not violate application security policy. This flaw is categorized as low severity because it only impacts confidentiality, not integrity or availability. However, in the context of a mobile application, the significance of an information leak may be much greater, especially if misaligned with user expectations or data privacy policies. References: CWE OWASP Security Misconfiguration OWASP Cryptographic Failures
Filename: UserController.java
Line: 442
CWE: 201 (Insertion of Sensitive Information Into Sent Data ('Information Leakage'))
The application calls the showProfile() function, which will result in data being transferred out of the application (via the network or another medium). This data contains sensitive information. The potentially sensitive data originated from an earlier call to java.lang.System.getenv. Ensure that the transfer of the sensitive data is intended and that it does not violate application security policy. This flaw is categorized as low severity because it only impacts confidentiality, not integrity or availability. However, in the context of a mobile application, the significance of an information leak may be much greater, especially if misaligned with user expectations or data privacy policies. References: CWE OWASP Security Misconfiguration OWASP Cryptographic Failures