Description

Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.

Remediation

Restrict access to this file or remove it from the system.

References

Configuring Rails Applications

Related Vulnerabilities

Verb tampering via misconfigured security constraint

ASP.NET WCF metadata enabled for behavior

Xdebug remote code execution via xdebug.remote_connect_back

Docker Engine API is accessible without authentication

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure