Description

The web application exposes Delve Debugger port. It's not recommended to have Delve service publicly accessible as the debugger has full access to the Go app and an attacker may be able to execute arbitrary code.

Remediation

Disable Debugger or restrict access to it

References

Delve

Related Vulnerabilities

WordPress 4.7 Multiple Vulnerabilities (4.7)

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

GraphQL Field Suggestions Enabled

Web application default/weak credentials

Microsoft IIS5 NTLM and Basic authentication bypass

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration