From 4fd8f12ba851b9258ab419a695430e3c5740e6b4 Mon Sep 17 00:00:00 2001 From: NureddinSoltan Date: Wed, 25 Feb 2026 04:55:04 +0300 Subject: [PATCH 1/4] fix: correct CWE-201 official name in A01 mapped CWEs list --- 2025/docs/en/A01_2025-Broken_Access_Control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2025/docs/en/A01_2025-Broken_Access_Control.md b/2025/docs/en/A01_2025-Broken_Access_Control.md index 575192150..2989dee4b 100644 --- a/2025/docs/en/A01_2025-Broken_Access_Control.md +++ b/2025/docs/en/A01_2025-Broken_Access_Control.md @@ -157,7 +157,7 @@ from the command line. * [CWE-200 Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) -* [CWE-201 Exposure of Sensitive Information Through Sent Data](https://cwe.mitre.org/data/definitions/201.html) +* [CWE-201 Insertion of Sensitive Information Into Sent Data](https://cwe.mitre.org/data/definitions/201.html) * [CWE-219 Storage of File with Sensitive Data Under Web Root](https://cwe.mitre.org/data/definitions/219.html) From e4d388e27d4290eb9c76ef3b7c063db98006124b Mon Sep 17 00:00:00 2001 From: NureddinSoltan Date: Wed, 4 Mar 2026 23:51:28 +0300 Subject: [PATCH 2/4] fix: correct descriptions for CWE-298 and CWE-299. --- 2025/docs/en/A07_2025-Authentication_Failures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2025/docs/en/A07_2025-Authentication_Failures.md b/2025/docs/en/A07_2025-Authentication_Failures.md index 2d3077107..2a1213853 100644 --- a/2025/docs/en/A07_2025-Authentication_Failures.md +++ b/2025/docs/en/A07_2025-Authentication_Failures.md 
@@ -148,9 +148,9 @@ When an attacker is able to trick a system into recognizing an invalid or incorr * [CWE-297 Improper Validation of Certificate with Host Mismatch](https://cwe.mitre.org/data/definitions/297.html) -* [CWE-298 Improper Validation of Certificate with Host Mismatch](https://cwe.mitre.org/data/definitions/298.html) +* [CWE-298 Improper Validation of Certificate Expiration](https://cwe.mitre.org/data/definitions/298.html) -* [CWE-299 Improper Validation of Certificate with Host Mismatch](https://cwe.mitre.org/data/definitions/299.html) +* [CWE-299 Improper Check for Certificate Revocation](https://cwe.mitre.org/data/definitions/299.html) * [CWE-300 Channel Accessible by Non-Endpoint](https://cwe.mitre.org/data/definitions/300.html) From 940f337279b36ea1169a8b73b8438e2c7d03758c Mon Sep 17 00:00:00 2001 From: NureddinSoltan Date: Wed, 4 Mar 2026 23:57:31 +0300 Subject: [PATCH 3/4] Revert "fix: correct CWE-201 official name in A01 mapped CWEs list" This reverts commit 4fd8f12ba851b9258ab419a695430e3c5740e6b4. --- 2025/docs/en/A01_2025-Broken_Access_Control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2025/docs/en/A01_2025-Broken_Access_Control.md b/2025/docs/en/A01_2025-Broken_Access_Control.md index 2989dee4b..575192150 100644 --- a/2025/docs/en/A01_2025-Broken_Access_Control.md +++ b/2025/docs/en/A01_2025-Broken_Access_Control.md @@ -157,7 +157,7 @@ from the command line. * [CWE-200 Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) -* [CWE-201 Insertion of Sensitive Information Into Sent Data](https://cwe.mitre.org/data/definitions/201.html) +* [CWE-201 Exposure of Sensitive Information Through Sent Data](https://cwe.mitre.org/data/definitions/201.html) * [CWE-219 Storage of File with Sensitive Data Under Web Root](https://cwe.mitre.org/data/definitions/219.html) From 9fb6adcfd38d1877c58ba96cf6977537bd420c47 Mon Sep 17 00:00:00 2001 
From: NureddinSoltan Date: Thu, 5 Mar 2026 23:12:54 +0300 Subject: [PATCH 4/4] fix: correct typo "Loss of Omission" to "Loss or Omission" in CWE-221. --- 2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md b/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md index 630f0fb74..9cc11e736 100644 --- a/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md +++ b/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md @@ -127,7 +127,7 @@ There are commercial and open-source application protection products such as the * [CWE-117 Improper Output Neutralization for Logs](https://cwe.mitre.org/data/definitions/117.html) -* [CWE-221 Information Loss of Omission](https://cwe.mitre.org/data/definitions/221.html) +* [CWE-221 Information Loss or Omission](https://cwe.mitre.org/data/definitions/221.html) * [CWE-223 Omission of Security-relevant Information](https://cwe.mitre.org/data/definitions/223.html)
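Review bot: the revert in PATCH 3/4 (A01_2025-Broken_Access_Control.md, the CWE-201 entry) gives no reason for restoring "Exposure of Sensitive Information Through Sent Data", even though PATCH 1/4 introduced "Insertion of Sensitive Information Into Sent Data" as the official name. Either say in the commit message why the earlier wording is the right one, or drop 1/4 and 3/4 from the series: together they leave the file at blob 575192150, unchanged, so they only add noise to the history.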
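Review bot: in PATCH 2/4 (A07_2025-Authentication_Failures.md, the CWE-298 and CWE-299 entries) the subject says "descriptions", but the hunk changes the entry names in the link text, which previously repeated the CWE-297 title "Improper Validation of Certificate with Host Mismatch". Suggest a subject such as "fix: correct names for CWE-298 and CWE-299", without the trailing period so it matches PATCH 1/4, and a line in the body confirming that the new names were checked against the linked cwe.mitre.org definition pages.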