Improper Handling of Expired Resources

The application does not implement adequate lifecycle management for generated artifacts, temporary resources, or expired assets. Resources that have exceeded their intended retention period may remain accessible, continue consuming storage, or be referenced by active processes after they should have been archived, revoked, or removed.

Without defined cleanup and retention controls, expired resources can accumulate over time, increasing operational complexity and creating opportunities for unintended access to outdated or sensitive information. In some scenarios, continued reliance on stale resources may lead to system instability, data integrity issues, or unexpected application behaviour.

Remediation

Implement lifecycle management controls for temporary and generated resources, including defined retention periods, automated cleanup processes, archival procedures, and validation checks to ensure expired resources are no longer referenced by active workflows. Regularly review stored artifacts and remove resources that are no longer required for operational or compliance purposes.

Metadata

Severity: medium
Slug: improper-handling-of-expired-resources

CWEs

672: Operation on a Resource after Expiration or Release

Available Labs

Select a language to explore available labs for this vulnerability.

1 Lab

Gcp Labs

Gcp 1 lab

Explore 1 lab in Gcp.

No matching labs found

Try adjusting your language filter.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.