Description

A dotenv file (.env) was found in this directory. Dotenv files are used to load environment variables from a .env file into the running process.

This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files from production systems.

Remediation

Remove or restrict access to all configuration files acessible from internet.

References

Scanning 2.6 Million Domains for Exposed .Env Files

A3:2017-Sensitive Data Exposure

Related Vulnerabilities

XML External Entity Injection via external file

WordPress Plugin Unyson Information Disclosure (2.7.18)

WordPress Plugin SL User Create Information Disclosure (0.2.4)

Atlassian Jira Manage Filters information disclosure

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

Severity

High

Classification

CWE-538 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files