Description

The Clockwork was found in the web application. Usage of the Clockwork should be avoided in production and strictly configured in a development environment, as it discloses sensitive information about the web application

Remediation

Disable the Clockwork or restrict access to it

References

Clockwork

Related Vulnerabilities

Internet Information Server returns IP address in HTTP header (Content-Location)

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

RethinkDB administrative interface publicly exposed

WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)

WordPress Plugin WP Import Export Information Disclosure (3.9.15)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure