Description

One or more configuration files (e.g. Vagrantfile, Gemfile, Rakefile, ...) were found. These files may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files from production systems.

Remediation

Remove or restrict access to all configuration files acessible from internet.

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)

ASP.NET error message

WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)

Session ID in URL

Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5)

Severity

Medium

Classification

CWE-538 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Dev Files Test Files