Description

One or more stack traces were identified. The web application has generated an error message that includes sensitive information about its environment, users, or associated data.

The stack trace can disclose potentially sensitive information such as: physical file paths of relevant files, source code fragments, version information of various packages, database information, error messages, ...

Remediation

It's recommended to handle exceptions internally and do not display errors containing potentially sensitive information to a user.

References

Stack Trace Disclosure (RoR) | Invicti

Related Vulnerabilities

TorchServe Management API publicly exposed

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

Error page path disclosure

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)

Arbitrary file existence disclosure in Action Pack

Severity

Medium

Classification

CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure