Description

One or more configuration files (e.g. Vagrantfile, Gemfile, Rakefile, ...) were found. These files may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files from production systems.

Remediation

Remove or restrict access to all configuration files acessible from internet.

References

OWASP - Secure Configuration Management

Related Vulnerabilities

Microsoft IIS tilde directory enumeration

Struts 2 Config Browser plugin enabled

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

Tiki Wiki CMS: Remote Code Execution via Calendar Module

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

Severity

Medium

Classification

CWE-538 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Dev Files Test Files