9. Context Leakage via Shared Caching Layers

A shared Redis or in-memory cache stores intermediate steps for multiple users, sessions, or tenants with no isolation between them.

Tech Detail:

  • Keys not namespaced by user/session
  • No expiry or clearance logic

Exploit Potential:

  • Tenant A accesses Tenant B’s threat report context via cache key guessing
  • High-risk in MSSP or multi-customer environments

Mitigation:

  • Use userID:taskID prefixes for cache keys
  • Encrypt cached context blobs
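
A sketch of the userID:taskID key prefix together with the missing expiry and clearance logic, added here as an example and not taken from the original page. A dict stands in for Redis; the class name, the 300-second TTL and the allowed ID characters are assumptions, and blob encryption is not shown.

```python
import re
import time

# Assumed ID alphabet: no ':' so a component can never forge another prefix.
_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


class ScopedContextCache:
    """Dict standing in for Redis; every key is userID:taskID:name."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._store = {}  # key -> (expires_at, value)
        self._ttl = ttl_seconds
        self._clock = clock

    @staticmethod
    def _check(part):
        if not isinstance(part, str) or not _ID.fullmatch(part):
            raise ValueError(f"invalid key component: {part!r}")
        return part

    def _prefix(self, user_id, task_id):
        # user_id must come from the authenticated session, never from request input.
        return f"{self._check(user_id)}:{self._check(task_id)}:"

    def put(self, user_id, task_id, name, value):
        key = self._prefix(user_id, task_id) + self._check(name)
        self._store[key] = (self._clock() + self._ttl, value)

    def get(self, user_id, task_id, name):
        key = self._prefix(user_id, task_id) + self._check(name)
        entry = self._store.get(key)
        if entry is None:
            return None
        expires_at, value = entry
        if self._clock() >= expires_at:
            del self._store[key]  # expired: drop instead of serving stale context
            return None
        return value

    def clear_task(self, user_id, task_id):
        """Purge all entries for one finished task; returns how many were removed."""
        prefix = self._prefix(user_id, task_id)
        doomed = [k for k in self._store if k.startswith(prefix)]
        for k in doomed:
            del self._store[k]
        return len(doomed)
```

Rejecting `:` inside each component matters as much as the prefix itself: without it, a user ID such as `tenant-a:task-1` would resolve into another tenant's key space.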