Description
Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.
Remediation
Restrict access to this file or remove it from the system.
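One way to check both halves of the remediation is to audit the file's permission bits and look for passwords written literally into it. This is an added example, not code from the original page or from Rails. The names `audit_database_yml` and `demo_findings` are hypothetical, and the sample configuration is constructed.

```ruby
require "yaml"
require "tempfile"

# Constructed sample resembling a default Rails database.yml (not from a real system).
SAMPLE = <<~'YML'
  default: &default
    adapter: postgresql
    username: app
  development:
    <<: *default
    password: devpass
  test:
    <<: *default
    password: <%= ENV["TEST_DB_PASSWORD"] %>
  production:
    <<: *default
    password: s3cret-literal
YML

# Hypothetical helper: returns an array of finding strings for the file at `path`.
def audit_database_yml(path)
  findings = []
  mode = File.stat(path).mode & 0o777
  findings << format("mode %04o: readable by other users", mode) if (mode & 0o004) != 0
  findings << format("mode %04o: readable by group", mode) if (mode & 0o040) != 0
  # Parse the raw text: ERB tags are not evaluated, so they remain visible as strings.
  config = YAML.safe_load(File.read(path), aliases: true) || {}
  config.each do |env, settings|
    next unless settings.is_a?(Hash)
    value = settings["password"].to_s
    # Skip entries with no password or one supplied at runtime through ERB/ENV.
    next if value.empty? || value.include?("<%")
    findings << "#{env}: literal password stored in file"
  end
  findings
end

# Writes the constructed sample to a temp file with the given mode and audits it.
def demo_findings(mode)
  Tempfile.create("database.yml") do |f|
    f.write(SAMPLE)
    f.flush
    File.chmod(mode, f.path)
    audit_database_yml(f.path)
  end
end

puts demo_findings(0o644) if __FILE__ == $PROGRAM_NAME
```

To audit a real application, call `audit_database_yml("config/database.yml")` from the application root as the account that owns the deployment.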