WEB APPLICATION VULNERABILITIES Standard & Premium

RoR Database Configuration File Detected

Description

Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.

Remediation

Restrict access to this file or remove it from the system.

References

Configuring Rails Applications

Related Vulnerabilities

Jenkins weak password

Web server default welcome page

Microsoft IIS5 NTLM and Basic authentication bypass

Oracle E-Business Suite Frame Injection (CVE-2017-3528)

XML external entity injection (variant)

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure