9. Context Leakage via Shared Caching Layers
9. Context Leakage via Shared Caching Layers
Redis or in-memory caches store intermediate steps across users, sessions, or tenants without isolation.
Tech Detail:
- Keys not namespaced by user/session
- No expiry or clearance logic
Exploit Potential:
- Tenant A accesses Tenant B’s threat report context via cache key guessing
- High-risk in MSSP or multi-customer environments
Mitigation:
- Use userID:taskID prefixes for cache keys
- Encrypt cached context blobs