Description

The web application exposes Delve Debugger port. It's not recommended to have Delve service publicly accessible as the debugger has full access to the Go app and an attacker may be able to execute arbitrary code.

Remediation

Disable Debugger or restrict access to it

References

Delve

Related Vulnerabilities

WordPress Plugin Slack-Chat Information Disclosure (1.5.5)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)

WordPress Plugin Media Library Assistant Information Disclosure (3.00)

WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration