CWE-598 Information Exposure Through Query Strings
What this means
SiteShadow flagged sensitive data being placed into URL query parameters (tokens, passwords, API keys, personal data).
Why it matters
Query strings can leak through logs, history, and referrers.
- Logs and monitoring often capture full URLs.
- Browser history and bookmarks persist query strings.
- Referrers can leak query strings to third-party sites.
Safer examples
1) Use headers or POST bodies for secrets
// The token travels in the Authorization header, so it never appears in the URL,
// and therefore never in access logs, browser history, or Referer headers.
await fetch("/api/resource", {
method: "POST",
headers: { Authorization: `Bearer ${token}` },
});
2) Use opaque IDs instead of raw data
Put an ID in the URL, not the sensitive value itself.
3) Redact URLs in logs/telemetry
If a URL must carry a sensitive value (avoid this wherever possible), redact that value before the URL is written to logs or sent to analytics, so the secret is never stored or forwarded.
How SiteShadow detects it (high level)
- Flags credential-like keys/values in query string construction.
- Detects tokens/passwords being appended to URLs or used in redirect parameters.
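As an added example that is not SiteShadow's own code or detection logic, the following JavaScript serves both item 3 above (redacting URLs before they reach logs or analytics) and the detection bullets in this section: one scanner flags credential-like query parameters, including a token hidden inside a redirect parameter, and one redactor scrubs them from a URL before it is logged. The parameter-name list, the value heuristics, and the placeholder host used to parse relative paths are assumptions for illustration; the sample URLs are constructed, not real traffic.

```javascript
// Added example, not SiteShadow's own code or detection logic. It shows the
// two halves of the advice on this page in one place: spotting credential-like
// query parameters (detection) and scrubbing them before a URL is logged
// (mitigation). The key list and value heuristics are assumptions chosen for
// illustration; tune them to your own parameter names.

// Parameter names that commonly carry secrets or personal data (assumption).
const SENSITIVE_KEY_RE =
  /^(access_?token|refresh_?token|id_?token|auth|api_?key|apikey|token|password|passwd|pwd|secret|session(_?id)?|ssn|credit_?card|card_?number)$/i;

// Values that look like credentials even under an innocuous key:
// a JWT (three base64url segments starting with "eyJ"), a long hex digest,
// or a long opaque base64url-ish string (assumption: 40+ characters).
const SENSITIVE_VALUE_RE =
  /^(eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*|[A-Fa-f0-9]{32,}|[A-Za-z0-9_-]{40,})$/;

// Only used so that relative paths such as "/reset?token=..." can be parsed.
const PLACEHOLDER_BASE = "https://placeholder.invalid";

function isAbsoluteUrl(s) {
  return /^[a-z][a-z0-9+.-]*:/i.test(s);
}

// Returns one entry per query parameter that should not be in the URL, with the
// reason it was flagged. A value that is itself a URL (e.g. a "next" or
// "redirect" parameter) is scanned recursively, which covers the
// "tokens used in redirect parameters" case.
function findSensitiveParams(urlString) {
  const url = new URL(urlString, PLACEHOLDER_BASE);
  const hits = [];
  for (const [key, value] of url.searchParams) {
    if (SENSITIVE_KEY_RE.test(key)) {
      hits.push({ key, reason: "key" });
    } else if (SENSITIVE_VALUE_RE.test(value)) {
      hits.push({ key, reason: "value" });
    } else if (isAbsoluteUrl(value) && findSensitiveParams(value).length > 0) {
      hits.push({ key, reason: "nested-url" });
    }
  }
  return hits;
}

// Produces a copy of the URL that is safe to write to logs or telemetry.
// Flagged values become "REDACTED"; a nested URL is redacted rather than
// dropped so the log line still shows where the redirect pointed.
function redactUrl(urlString) {
  const url = new URL(urlString, PLACEHOLDER_BASE);
  for (const { key, reason } of findSensitiveParams(urlString)) {
    const value = url.searchParams.get(key);
    url.searchParams.set(key, reason === "nested-url" ? redactUrl(value) : "REDACTED");
  }
  // Keep relative inputs relative so the placeholder host never leaks into logs.
  return isAbsoluteUrl(urlString) ? url.toString() : url.pathname + url.search + url.hash;
}

// Constructed sample URLs (not real traffic) run through the scanner and scrubber.
const SAMPLE_URLS = [
  "https://api.example.test/v1/items?page=2&limit=50",
  "https://api.example.test/oauth/cb?state=xyz&access_token=sk_test_0123456789",
  "/account/reset?email=alice%40example.test&token=4f3c9a0b1d2e5f6a7b8c9d0e1f2a3b4c",
  "https://app.example.test/login?next=https%3A%2F%2Fapp.example.test%2Fhome%3Ftoken%3Dabc",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const u of SAMPLE_URLS) {
    const flags = findSensitiveParams(u).map((h) => `${h.key}(${h.reason})`).join(",") || "clean";
    console.log(flags, "=>", redactUrl(u));
  }
}
```

Call redactUrl on every URL at the single point where request logging, analytics beacons, or error reporters receive it; the key-based rule is what catches most real findings, while the value-shape rule is a backstop for secrets that arrive under a harmless-looking name.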
References
- CWE-598: https://cwe.mitre.org/data/definitions/598.html
---