Description

The web application exposes Delve Debugger port. It's not recommended to have Delve service publicly accessible as the debugger has full access to the Go app and an attacker may be able to execute arbitrary code.

Remediation

Disable Debugger or restrict access to it

References

Delve

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5288)

Drupal Backup Migrate directory publicly accessible

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)

WordPress Plugin Acumbamail Information Disclosure (1.0.4)

WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration