Description

The Clockwork was found in the web application. Usage of the Clockwork should be avoided in production and strictly configured in a development environment, as it discloses sensitive information about the web application

Remediation

Disable the Clockwork or restrict access to it

References

Clockwork

Related Vulnerabilities

Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21712)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)

Nuxt.js Running in Development Mode

WordPress debug mode

CodeIgniter development mode enabled

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure