CWE-214: Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the product or related resources.

CWE-214: Invocation of Process Using Visible Sensitive Information

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-214?

What CVEs are caused by CWE-214?

What are the consequences of CWE-214?

Is CWE-214 actively exploited?

References

Stay ahead of CWE-214

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Related weaknesses

Parent

Peer

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-214?

What CVEs are caused by CWE-214?

What are the consequences of CWE-214?

Is CWE-214 actively exploited?

References

Stay ahead of CWE-214