Security Test: Frontend Stacktrace

Description

Default Severity:

Raw stack traces and other detailed error messages reveal far more about a system than a user needs: the language runtime and framework, the names and versions of code libraries, internal file paths, the database engine and sometimes fragments of the failing query. An attacker can fingerprint those components and look up known vulnerabilities for the exact versions in use, so a leaked trace works as a blueprint for targeting the production system and raises the likelihood of a breach. Production responses should carry only a generic error message (a correlation identifier is enough for support to find the event), while the full trace is written to internal logs that are available for debugging but never returned to the client.
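The check this page describes looks for stack-trace formats in responses that the frontend receives. The following is an added example of how such a detector can be written; it is not the scanner's own rule set or code, and the signature patterns, the sample responses and the function names are assumptions made for the example:

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Illustrative signatures for stack-trace output of common runtimes.
# Assumption for this example: they are not the scanner's own rules and are
# deliberately strict (a frame or file line is required) to avoid flagging
# prose that merely mentions the word "Traceback".
STACKTRACE_SIGNATURES = {
    "python": re.compile(
        r"Traceback \(most recent call last\):\s*\n\s*File \"[^\"]+\", line \d+", re.M),
    "java": re.compile(r"^\s*at [\w$.]+\([\w$]+\.(?:java|kt):\d+\)", re.M),
    "node": re.compile(r"^\s*at .*?[\w./\\-]+\.(?:[cm]?js|ts):\d+:\d+\)?\s*$", re.M),
    "php": re.compile(r"Stack trace:\s*\n\s*#0 ", re.M),
    "dotnet": re.compile(r"^\s*at [\w.`]+\([^)]*\) in .+?:line \d+", re.M),
    "go": re.compile(r"^goroutine \d+ \[[^\]]+\]:$", re.M),
}


@dataclass(frozen=True)
class Finding:
    runtime: str   # which runtime's trace format matched
    excerpt: str   # the matched fragment, useful as evidence in a report


def find_stacktraces(body: str) -> list[Finding]:
    """Return one Finding per runtime whose stack-trace signature appears in body."""
    findings = []
    for runtime, pattern in STACKTRACE_SIGNATURES.items():
        match = pattern.search(body)
        if match:
            findings.append(Finding(runtime, match.group(0).strip()))
    return findings


def run_check(responses: dict[str, tuple[int, str]]) -> dict[str, list[str]]:
    """Scan every response body; map each flagged path to the runtimes detected.

    The status code is carried along but deliberately not used as a gate:
    a trace leaked inside a 200 response is just as much of a disclosure
    as one in a 500.
    """
    flagged: dict[str, list[str]] = {}
    for path, (_status, body) in responses.items():
        hits = find_stacktraces(body)
        if hits:
            flagged[path] = [hit.runtime for hit in hits]
    return flagged


# Constructed sample responses for the example; not captured from any real system.
SAMPLE_RESPONSES = {
    "/api/users?id=1": (200, '{"id": 1, "name": "alice"}'),
    "/api/users?id=abc": (500, (
        "Traceback (most recent call last):\n"
        '  File "/srv/app/views.py", line 42, in get_user\n'
        "    user = User.objects.get(pk=int(user_id))\n"
        "ValueError: invalid literal for int() with base 10: 'abc'\n")),
    "/checkout": (500, (
        "java.lang.NullPointerException: cart is null\n"
        "\tat com.shop.CartService.total(CartService.java:88)\n"
        "\tat com.shop.web.CheckoutController.submit(CheckoutController.java:31)\n")),
    "/render": (500, (
        "TypeError: Cannot read properties of undefined (reading 'name')\n"
        "    at render (/app/src/view.js:17:23)\n"
        "    at Layer.handle [as handle_request] "
        "(/app/node_modules/express/lib/router/layer.js:95:5)\n")),
    # Mentions the word without being a trace: must not be flagged.
    "/docs/errors": (200, "Our API never returns a Python Traceback; errors are JSON objects."),
    # The hardened shape: generic message plus a correlation id, nothing else.
    "/health": (503, '{"error": "Something went wrong", "request_id": "c0ffee"}'),
}


if __name__ == "__main__":
    for path, runtimes in run_check(SAMPLE_RESPONSES).items():
        print(f"{path}: stack trace disclosed ({', '.join(runtimes)})")
```

Running the module reports the three leaking paths; the documentation page and the hardened `/health` response are left alone. The excerpt kept in each `Finding` is what a report would quote as evidence, and it shows exactly what an attacker learns: a Django view path, a Java class and line, and an Express internals path under `node_modules`.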

Reference:

Configuration

Identifier: frontend_information_disclosure/stacktrace

Examples

All available configuration options for this check:

checks:
  frontend_information_disclosure/stacktrace:
    skip: false # default

Compliance and Standards

Standard            Value
OWASP API Top 10    API7:2023
OWASP LLM Top 10    LLM06:2023
PCI DSS             6.5.5
GDPR                Article-32
SOC2                CC1
PSD2                Article-95
ISO 27001           A.14.2
NIST                SP800-53
FedRAMP             SI-10
CWE                 209
CVSS Vector         CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
CVSS Score          5.1