Use of GET Request Method With Sensitive Query Strings
CWE-598
CVSS severity (NVD, All Time)
Per technology (GHSA, All time)
100%-Pip
Short description
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Extended description
The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.
Best practices to prevent this CWE
Phase: Implementation
When sensitive information is sent, use the POST method (e.g. registration form).