Description

One or more stack traces were identified. The web application has generated an error message that includes sensitive information about its environment, users, or associated data.

The stack trace can disclose potentially sensitive information such as: physical file paths of relevant files, source code fragments, version information of various packages, database information, error messages, ...

Remediation

It's recommended to handle exceptions internally and do not display errors containing potentially sensitive information to a user.

References

Testing for Stack Traces

Related Vulnerabilities

Adminer 4.6.2 file disclosure vulnerability

WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)

WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)

WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)

WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)

Severity

Low

Classification

CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure