Description

This Ruby on Rails web application is running in development mode. When you generate a Ruby on Rails application it will create three environments: development, production and test. In development mode, Rails is not as secure as it shows diagnostics pages that leak a lot of sensitive information about the application internals.

Remediation

It's recommended to configure your Rails application to run in production mode. Usually, the following command will run your application in production mode. 

rails server -e production

References

Getting Started with Rails

Rails Insecure Defaults

Use of Ruby on Rails environments

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1818)

WordPress Plugin File Manager Information Disclosure (6.4)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.36)

WordPress Plugin Credova_Financial Information Disclosure (1.4.8)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-17671)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration