Details
Alert Id: 10024
Alert Type: Passive
Status: release
Risk: Informational
CWE: 200
WASC: 13
Tags: OWASP_2017_A03, OWASP_2021_A01

Summary

The request appeared to contain sensitive information leaked in the URL. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
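The kind of check described above, as an added example that is not ZAP's own code: it flags query parameters whose names contain a configurable sensitive string and, going slightly beyond the text, values that pass a Luhn check as likely card numbers. The word list, function names and sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed default list; an assumption, not ZAP's shipped configuration.
DEFAULT_SENSITIVE_NAMES = ("password", "passwd", "pwd", "token", "session", "apikey", "ssn")

# 13-19 consecutive digits, not embedded in a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_url(url, sensitive_names=DEFAULT_SENSITIVE_NAMES):
    """Return (parameter, reason) findings for one URL; values are never echoed."""
    findings = []
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        lowered = name.lower()
        hit = next((s for s in sensitive_names if s in lowered), None)
        if hit:
            findings.append((name, f"name contains '{hit}'"))
        if any(luhn_valid(m) for m in CARD_CANDIDATE.findall(value)):
            findings.append((name, "value looks like a payment card number"))
    return findings


# Constructed sample URLs.
SAMPLE_URLS = [
    "https://shop.example/login?user=alice&Password=hunter2",
    "https://shop.example/pay?ref=4111111111111111&step=2",
    "https://shop.example/search?q=shoes&page=3",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(urlsplit(u).path, scan_url(u))
```

Substring matching is deliberately broad, so a name such as `classname` matches `ssn`; tune the list per environment, as the alert text suggests.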

Solution

Do not pass sensitive information in URIs.

Code

org/zaproxy/zap/extension/pscanrules/InformationDisclosureInUrlScanRule.java