VYPR

CWE-598

Use of HTTP Request With Sensitive Query String

VariantDraft

Description

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (41)

page 3 of 3
  • CVE-2023-6014Nov 16, 2023
    risk 0.00cvss epss 0.01

    An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.