Description
View on MITREExtended Description
Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
No relationship information available for this CWE.
CWE-767: CWE-767: Access to Critical Private Variable via Public Method is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description
If exploited, CWE-767 (CWE-767: Access to Critical Private Variable via Public Method) it can compromise Modify Application Data and Other, leading to outcomes such as Scope: Integrity and Other.
Recommended mitigations for CWE-767 include: Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
CWE-767 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-767 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.