Description

This Ruby on Rails web application is running in development mode. When you generate a Ruby on Rails application it will create three environments: development, production and test. In development mode, Rails is not as secure as it shows diagnostics pages that leak a lot of sensitive information about the application internals.

Remediation

It's recommended to configure your Rails application to run in production mode. Usually, the following command will run your application in production mode. 

rails server -e production

References

Getting Started with Rails

Rails Insecure Defaults

Use of Ruby on Rails environments

Related Vulnerabilities

Cookie signed with weak secret key

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3394)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4298)

WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)

PHP magic_quotes_gpc is disabled

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration