Last Modified: Sep 13, 2023
16.0.0, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52
Opened: Nov 11, 2019 Severity: 3-Major Related Article:
Related Article: K86285055
Global/URL/Flow Parameters with flag is_sensitive true are not masked in referrer and their value may be exposed in logs.
The parameter will not be masked in 'Referer' value header in logs, although it is masked in 'QS' string.
Global/URL/Flow Parameters with flag is_sensitive true are defined in the policy. In logs, the value of such parameter will be masked in QS, but will be exposed in the referrer.
Can defined the parameters as global sensitive parameters.
After the fix, such parameters will be treated like global sensitive parameters and will be covered also in the Referer