Description
Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.
Remediation
Restrict access to this file or remove it from the system.
References
Related Vulnerabilities
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)
WordPress Plugin Simple History Information Disclosure (2.7.4)
Symfony ESI (Edge-Side Includes) enabled
ASP.NET WCF service include exception details
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)