Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker.
Prevalencia
Alta
Frecuentemente explotada
Impacto
Crítico
4 reglas de severidad crítica
Prevención
Documentada
14 ejemplos de corrección
2 Prevención
2 Prevención
Cómo corregir esta vulnerabilidad
Estrategias de prevención para Information Exposure basadas en 14 reglas de detección de Shoulder.
Environment Variable Secret Exposure
HIGH
Use environment variables for configuration only; never log or return their values
package main import ( "log" "os" ) func main() { apiKey := os.Getenv("API_KEY") - log.Printf("API Key: %s", apiKey) + if apiKey == "" { + log.Fatal("API_KEY not configured") + } + log.Println("API key configured:", len(apiKey) > 0) + // Use apiKey internally, never log or return it }
LLM Model Theft
HIGH
Store API keys in environment variables, never log them, and protect model endpoints with authentication
- client := openai.NewClient("sk-proj-1234567890abcdefghijklmnop") - log.Printf("Using key: %s", apiKey) - http.Handle("/models/", http.FileServer(http.Dir("./models"))) + client := openai.NewClient(os.Getenv("OPENAI_API_KEY")) + log.Printf("Request completed: model=%s tokens=%d", model, usage.TotalTokens) + + modelsHandler := http.FileServer(http.Dir("./models")) + http.Handle("/models/", authMiddleware(rateLimiter(modelsHandler)))
LLM Sensitive Information Disclosure
HIGH
Mask PII and redact credentials before sending data to LLM APIs, and use structured logging
- resp, _ := client.CreateChatCompletion(ctx, openai.ChatCompletionRequest{ - Messages: []openai.ChatCompletionMessage{{ - Content: fmt.Sprintf("User SSN: %s, Password: %s", user.SSN, password), - }}, - }) - log.Printf("Request: %v", messages) + safeMessage := maskPII(userInput) + safeMessage = redactCredentials(safeMessage) + + resp, _ := client.CreateChatCompletion(ctx, openai.ChatCompletionRequest{ + Messages: []openai.ChatCompletionMessage{{Content: safeMessage}}, + }) + log.Printf("Completed: model=%s tokens=%d", model, resp.Usage.TotalTokens)
JavaScript
Ver todo JavaScript detalles →
Environment Variable Secret Exposure
HIGH
Use secrets internally without exposing them in logs, responses, or client-side code
- app.get('/config', (req, res) => { - res.json({ apiKey: process.env.API_KEY }); - }); + const apiKey = process.env.API_KEY; + // Use the key server-side only + const result = await externalApi.call({ key: apiKey }); + res.json({ data: result });
LLM Model Theft
HIGH
Load API keys from environment variables and proxy LLM calls through your server
const openai = new OpenAI({ - apiKey: 'sk-proj-1234567890abcdefghijklmnop' + apiKey: process.env.OPENAI_API_KEY });
LLM Sensitive Information Disclosure
HIGH
Mask or redact PII and credentials before sending data to LLM APIs
- const response = await openai.chat.completions.create({ - messages: [{ role: 'user', content: `Process: ${userRecord}` }] + const masked = maskPII(userRecord); + const response = await openai.chat.completions.create({ + messages: [{ role: 'user', content: `Process: ${masked}` }] });
Python
Ver todo Python detalles →
Information Disclosure
MEDIUM
Return generic error messages to users; log detailed errors server-side only
- from flask import jsonify - - @app.route('/api/data') - def handler(): - try: - return jsonify(process()) - except Exception as e: - return jsonify({'error': str(e), 'trace': traceback.format_exc()}), 500 + import logging + from flask import jsonify + + logger = logging.getLogger(__name__) + + @app.route('/api/data') + def handler(): + try: + return jsonify(process()) + except Exception as e: + logger.error(f"Error: {e}", exc_info=True) + return jsonify({'error': 'Internal server error'}), 500
LLM Sensitive Information Disclosure
HIGH
Use Presidio or similar libraries to anonymize PII before sending data to LLM APIs
- messages = [{ - 'role': 'user', - 'content': f"User SSN: {user.ssn}, email: {user.email}. Summarize profile." - }] - logging.info(f"Request: {messages}") - response = openai.chat.completions.create(model='gpt-4', messages=messages) + from presidio_analyzer import AnalyzerEngine + from presidio_anonymizer import AnonymizerEngine + + analyzer = AnalyzerEngine() + anonymizer = AnonymizerEngine() + + def anonymize_text(text: str) -> str: + results = analyzer.analyze(text=text, language='en') + return anonymizer.anonymize(text=text, analyzer_results=results).text + + safe_message = anonymize_text(user_message) + messages = [{'role': 'user', 'content': safe_message}] + response = openai.chat.completions.create(model='gpt-4', messages=messages) + logger.info('Completed', extra={'model': 'gpt-4', 'tokens': response.usage.total_tokens})
Sensitive Field Exposure in API Response
CRITICAL
Use explicit field selection or serializer schemas to exclude sensitive fields from responses
from flask import jsonify from models import User @app.route('/api/users') def get_users(): users = User.query.all() - return jsonify([u.__dict__ for u in users]) + return jsonify([{ + 'id': u.id, + 'email': u.email, + 'name': u.name + } for u in users])
3 Detección
3 Detección
Encuentra vulnerabilidades en tu código
Usa Shoulder para escanear tu código en busca de patrones Exposure of Sensitive Information to an Unauthorized Actor. 14 reglas.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=200 # Or scan entire project npx @shoulderdev/cli trust .
Reglas de Detección (14)
🟨
Javascript
5 rules
Environment Variable Secret Exposure
HIGH
Detects when environment variables (which may contain secrets like API keys,
passwords, tokens) are leaked through logging, HTTP responses, or external requests.
Environment variables commonly store sensitive data:
- API keys (AWS_ACCESS_KEY_ID, STRIPE_SECRET_KEY)
- Database passwords (DB_PASSWORD, DATABASE_URL)
- JWT secrets (JWT_SECRET)
- OAuth tokens (GITHUB_TOKEN, SLACK_TOKEN)
Leaking these values exposes credentials and allows unauthorized access.
This rule uses taint flow analysis to de
LLM Model Theft
HIGH
Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.
Model theft can occur through:
- API key exposure in client-side code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
- Missing access controls on model endpoints
This rule detects:
- Hardcoded API keys in source code
- API keys in client-side JavaScript
- Model files served without authen
LLM Sensitive Information Disclosure
HIGH
Detects potential sensitive information disclosure in AI/LLM implementations.
OWASP LLM06 - Sensitive Information Disclosure.
Sensitive information can be leaked through:
- PII (Personal Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data
- LLM responses exposed without filtering
This rule detects:
- Sensitive data patterns in LLM prompts
- Creden
Sensitive Field Exposure in API Response
CRITICAL
Detects when sensitive data fields (passwords, tokens, secrets, API keys) are
exposed through API endpoint responses. This commonly happens when:
1. Mapping user data with sensitive fields: `.map(u => ({ password: u.password }))`
2. Returning entire user objects: `res.json(user)` where user has password field
3. Including sensitive fields in response objects: `res.json({ password: user.password })`
This is particularly dangerous when AI-generated code returns user collections
without filtering
Prisma Sensitive Field Exposure
CRITICAL
Prisma returns all fields by default. Without 'select' or 'omit', password hashes
and API tokens can leak to clients.
🔷
Typescript
5 rules
Environment Variable Secret Exposure
HIGH
Detects when environment variables (which may contain secrets like API keys,
passwords, tokens) are leaked through logging, HTTP responses, or external requests.
Environment variables commonly store sensitive data:
- API keys (AWS_ACCESS_KEY_ID, STRIPE_SECRET_KEY)
- Database passwords (DB_PASSWORD, DATABASE_URL)
- JWT secrets (JWT_SECRET)
- OAuth tokens (GITHUB_TOKEN, SLACK_TOKEN)
Leaking these values exposes credentials and allows unauthorized access.
This rule uses taint flow analysis to de
LLM Model Theft
HIGH
Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.
Model theft can occur through:
- API key exposure in client-side code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
- Missing access controls on model endpoints
This rule detects:
- Hardcoded API keys in source code
- API keys in client-side JavaScript
- Model files served without authen
LLM Sensitive Information Disclosure
HIGH
Detects potential sensitive information disclosure in AI/LLM implementations.
OWASP LLM06 - Sensitive Information Disclosure.
Sensitive information can be leaked through:
- PII (Personal Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data
- LLM responses exposed without filtering
This rule detects:
- Sensitive data patterns in LLM prompts
- Creden
Sensitive Field Exposure in API Response
CRITICAL
Detects when sensitive data fields (passwords, tokens, secrets, API keys) are
exposed through API endpoint responses. This commonly happens when:
1. Mapping user data with sensitive fields: `.map(u => ({ password: u.password }))`
2. Returning entire user objects: `res.json(user)` where user has password field
3. Including sensitive fields in response objects: `res.json({ password: user.password })`
This is particularly dangerous when AI-generated code returns user collections
without filtering
Prisma Sensitive Field Exposure
CRITICAL
Prisma returns all fields by default. Without 'select' or 'omit', password hashes
and API tokens can leak to clients.
🐍
Python
5 rules
Information Disclosure
MEDIUM
Detects information disclosure vulnerabilities: debug mode enabled, exposing
stack traces, returning detailed error messages, or leaking sensitive data.
LLM Model Theft
HIGH
Detects vulnerabilities that could lead to model theft or API key exposure.
OWASP LLM10 - Model Theft.
Model theft can occur through:
- API key exposure in source code or logs
- Model weights exposed via insecure endpoints
- Model extraction attacks via unrestricted API access
- Insecure model serialization and storage
LLM Sensitive Information Disclosure
HIGH
Detects potential sensitive information disclosure in AI/LLM implementations.
OWASP LLM06 - Sensitive Information Disclosure.
Sensitive information can be leaked through:
- PII (Personal Identifiable Information) in prompts
- Credentials or secrets in prompts or system messages
- Sensitive business data sent to third-party LLM APIs
- Logging LLM conversations containing sensitive data
Sensitive Field Exposure in API Response
CRITICAL
Detects when sensitive data fields (passwords, tokens, secrets) are
exposed through API endpoint responses. This commonly happens when:
1. Returning user dictionaries with sensitive fields
2. Serializing ORM objects without excluding sensitive fields
3. Including sensitive fields in JSON responses
Security Impact:
- Password hash exposure enabling offline cracking attacks
- API key/token leakage allowing account takeover
- Session token exposure enabling session hijacking
- PII disclosure viol
Server Information Disclosure
LOW
Detects server configuration that exposes version information, framework details,
or other implementation details through HTTP headers. This information helps
attackers identify known vulnerabilities in specific versions.
🐹
Go
4 rules
Environment Variable Secret Exposure
HIGH
Environment variables containing secrets flow to logs or HTTP responses.
LLM Model Theft
HIGH
Detects vulnerabilities leading to model theft or API key exposure such as hardcoded keys or insecure model endpoints.
LLM Sensitive Information Disclosure
HIGH
Detects sensitive information disclosure in AI/LLM implementations such as credentials or PII in prompts.
Sensitive Field Exposure in API Response
CRITICAL
Sensitive fields like password, token, or apiKey included in HTTP responses.
4 Señales de Alerta
4 Señales de Alerta
Qué buscar en las revisiones de código
Estos patrones indican vulnerabilidades potenciales de Exposure of Sensitive Information to an Unauthorized Actor. Búscalos durante las revisiones de código y auditorías de seguridad.
Model theft vulnerability: ...
go-llm-model-theft
vulnerabilities leading to model theft or API key exposure such as hardcoded keys or insecure model
go-llm-model-theft
Potential sensitive information disclosure: ...
go-llm-sensitive-info-disclosure
sensitive information disclosure in AI/LLM implementations such as credentials or PII in prompts
go-llm-sensitive-info-disclosure
when environment variables (which may contain secrets like API keys,
passwords, tokens) are leaked t
javascript-env-vars-secret-exposure
vulnerabilities that could lead to model theft or API key exposure
javascript-llm-model-theft
potential sensitive information disclosure in AI/LLM implementations
javascript-llm-sensitive-info-disclosure
information disclosure vulnerabilities: debug mode enabled, exposing
stack traces, returning detaile
python-information-disclosure
Escanea tu base de código para Exposure of Sensitive Information to an Unauthorized Actor
Shoulder CLI encuentra patrones vulnerables en toda tu base de código.