Security Test: Frontend Stacktrace
Description
Default Severity:
Detailed error messages and stack traces reveal too much about your system, such as which database, framework, or code libraries you are using, and make it easier for attackers to find and exploit known vulnerabilities in those components. When developers leave raw error output reachable from the frontend, they unintentionally hand attackers a blueprint of the weak points in a production system, increasing the risk of a breach. Keep these details out of user-facing responses and available only in internal logs for debugging.
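As an added illustration (not Escape's own test code), the following shows both sides of this finding: a small detector that flags stack-trace signatures in an HTTP response body, and an error handler that logs the full traceback internally while returning only a generic message plus a correlation id to the client. The signatures, the sample Java error page, and the handler's shape are constructed for this example.

```python
import logging
import re
import traceback
import uuid

log = logging.getLogger("app.errors")

# Signatures of raw framework error output leaking into an HTTP body.
# These patterns are constructed for this example and cover common
# runtimes; a production scanner would carry a longer list.
STACKTRACE_SIGNATURES = {
    "python": re.compile(r"Traceback \(most recent call last\):"),
    "java":   re.compile(r"^\s+at [\w$.]+\([\w$]+\.java:\d+\)", re.M),
    "node":   re.compile(r"^\s+at .+ \(.+\.[cm]?js:\d+:\d+\)", re.M),
    "php":    re.compile(r"(?:Fatal error|Warning): .+ in /.+\.php on line \d+"),
    "dotnet": re.compile(r"\b\w+Exception: .+\r?\n\s+at [\w.]+\(", re.M),
}


def find_stacktraces(body: str) -> list:
    """Return the runtimes whose stack-trace signature appears in a response body."""
    return [name for name, pat in STACKTRACE_SIGNATURES.items() if pat.search(body)]


def build_error_response(exc: Exception, debug: bool = False) -> tuple:
    """Map an unhandled exception to a (status, JSON-serialisable body) pair.

    The full traceback always goes to the internal log under a correlation id;
    the client only ever sees that id unless debug mode is explicitly enabled.
    """
    correlation_id = uuid.uuid4().hex
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("unhandled error %s\n%s", correlation_id, detail)
    body = {"error": "Internal server error", "id": correlation_id}
    if debug:  # debug mode reproduces exactly the leak this test reports
        body["detail"] = detail
    return 500, body


# Constructed sample: a 500 page as a leaky Java backend might return it.
LEAKY_BODY = (
    "<h1>HTTP Status 500</h1><pre>java.lang.NullPointerException\n"
    "    at com.example.shop.CartService.total(CartService.java:88)\n"
    "    at com.example.shop.CartController.checkout(CartController.java:41)</pre>"
)

if __name__ == "__main__":
    print(find_stacktraces(LEAKY_BODY))                 # ['java']
    print(build_error_response(ValueError("boom")))     # 500 and a body without any traceback text
```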
Reference:
Configuration
Identifier:
frontend_information_disclosure/stacktrace
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API7:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.5 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | SI-10 |
| CWE | 209 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 5.1 |