From 08eff5607c820e34e55ba277b5b473839d14f440 Mon Sep 17 00:00:00 2001 From: wesinator <5124946+wesinator@users.noreply.github.com> Date: Thu, 27 Mar 2025 08:48:42 -0400 Subject: [PATCH 1/3] sensitive data exposure categories - update business impact, steps --- .../descriptive_stack_trace/template.md | 3 ++- .../detailed_server_configuration/template.md | 5 +++-- .../full_path_disclosure/template.md | 5 +++-- .../visible_detailed_error_page/template.md | 3 ++- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md index e9558ffc..08d7669e 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md @@ -4,12 +4,13 @@ The descriptive stack trace leaked by this application shows versions of softwar **Business Impact** +This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. This vulnerability can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Observe detailed error message showing a descriptive stack trace +2. Observe detailed error message showing a descriptive stack trace **Proof of Concept (PoC)** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md index 32d1a190..36b108f2 100644 
--- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md @@ -4,12 +4,13 @@ The detailed server configuration leaked by this application shows which version **Business Impact** -This vulnerability can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. +It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Observe detailed error message showing detailed server configuration +2. Observe detailed error message showing detailed server configuration **Proof of Concept (PoC)** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md index 97381cfb..325106c2 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md 
@@ -4,12 +4,13 @@ The full path disclosure leaked by this application displays implementation info **Business Impact** -This vulnerability can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. +It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Observe detailed error message showing the full path disclosure +2. Observe detailed error message showing the full path disclosure **Proof of Concept (PoC)** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md index 534d216e..7854b9fb 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md @@ -2,12 +2,13 @@ Visible detailed error pages are a result of improper error handling which intro **Business Impact** +This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. This vulnerability can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. **Steps to Reproduce** 1. Use a browser to navigate to: {{URL}} -1. Observe detailed error message +2. Observe detailed error message **Proof of Concept (PoC)** From 15bbb7d1abd235a1a0e558f39fdc37d249b9e9ae Mon Sep 17 00:00:00 2001 
From: wesinator <5124946+wesinator@users.noreply.github.com> Date: Thu, 27 Mar 2025 08:50:06 -0400 Subject: [PATCH 2/3] standardize business impact language --- .../descriptive_stack_trace/template.md | 2 +- .../visible_detailed_error_page/template.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md index 08d7669e..311367ad 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md @@ -5,7 +5,7 @@ The descriptive stack trace leaked by this application shows versions of softwar **Business Impact** This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. -This vulnerability can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. **Steps to Reproduce** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md index 7854b9fb..0cc948e6 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md 
@@ -3,7 +3,7 @@ Visible detailed error pages are a result of improper error handling which intro **Business Impact** This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. -This vulnerability can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. **Steps to Reproduce** From ce668a3803c81c148b136a68fac7cd6f2a37f4af Mon Sep 17 00:00:00 2001 From: wesinator <5124946+wesinator@users.noreply.github.com> Date: Wed, 25 Feb 2026 19:19:12 -0500 Subject: [PATCH 3/3] simplify impact language --- .../descriptive_stack_trace/template.md | 4 ++-- .../detailed_server_configuration/template.md | 4 ++-- .../full_path_disclosure/template.md | 4 ++-- .../visible_detailed_error_page/template.md | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md index 311367ad..a35691cd 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/descriptive_stack_trace/template.md 
@@ -4,8 +4,8 @@ The descriptive stack trace leaked by this application shows versions of softwar **Business Impact** -This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. -It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +This vulnerability could enable attacker exploitation that will disrupt product or service availability, +leading to financial loss and impact customers’ trust in the application. **Steps to Reproduce** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md index 36b108f2..2ffcb471 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/detailed_server_configuration/template.md @@ -4,8 +4,8 @@ The detailed server configuration leaked by this application shows which version **Business Impact** -This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. -It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +This vulnerability could enable attacker exploitation that will disrupt product or service availability, +leading to financial loss and impact customers’ trust in the application. **Steps to Reproduce** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md index 325106c2..be5a2f3a 100644 
--- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/full_path_disclosure/template.md @@ -4,8 +4,8 @@ The full path disclosure leaked by this application displays implementation info **Business Impact** -This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. -It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +This vulnerability could enable attacker exploitation that will disrupt product or service availability, +leading to financial loss and impact customers’ trust in the application. **Steps to Reproduce** diff --git a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md index 0cc948e6..f87de33a 100644 --- a/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md +++ b/submissions/description/sensitive_data_exposure/visible_detailed_error_page/template.md @@ -2,8 +2,8 @@ Visible detailed error pages are a result of improper error handling which intro **Business Impact** -This vulnerability could enable attacker exploitation that will disrupt product or service availability, leading to direct financial loss. -It can impact customers’ trust in the application which can result in reputational damage for the business and indirect financial losses. +This vulnerability could enable attacker exploitation that will disrupt product or service availability, +leading to financial loss and impact customers’ trust in the application. **Steps to Reproduce**
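Review bot: In [PATCH 1/3], the Business Impact hunks for descriptive_stack_trace/template.md and the top-level visible_detailed_error_page/template.md leave two consecutive sentences that both open with "This vulnerability", while the detailed_server_configuration and full_path_disclosure hunks in the same patch already change the second sentence to "It can impact customers’ trust in the application ...". [PATCH 2/3] only repeats that change for the two files that missed it, so consider squashing 2/3 into 1/3 so that the four templates read the same at every commit in the series.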
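Review bot: In the [PATCH 1/3] hunks for detailed_server_configuration/template.md and full_path_disclosure/template.md (the same wording is added to the other two templates), the new sentence "This vulnerability could enable attacker exploitation that will disrupt product or service availability" pairs a hedged "could" with an unconditional "will", and it goes from an information leak straight to an availability outage without the step in between. The context lines describe leaked software versions and implementation information, so suggest keeping both verbs conditional and naming that step, for example that the disclosed details could help an attacker identify further weaknesses, which could in turn disrupt availability.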
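Review bot: In all four [PATCH 3/3] hunks the replacement sentence is not grammatically parallel: in "leading to financial loss and impact customers’ trust in the application", the verb "impact" has no subject and reads as a second object of "leading to". Suggest "leading to financial loss and loss of customer trust in the application", or "... and impacting customers’ trust in the application". The sentence is also now split across two source lines after the comma, where the removed lines held one sentence per line; confirm that whatever renders these templates joins the two lines, or keep the sentence on one line.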