WEB APPLICATION VULNERABILITIES Standard & Premium

Grails database console

Description

In the development mode Grails provides a database console (available at /dbconsole/). This database console should not be available in the production environment as it leaks sensitive information about the database structure and permits executing SQL queries.

Remediation

It's recommended to restrict access to the database console by running Grails in production mode.

References

Using the H2 Database Console in Grails

Related Vulnerabilities

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.11)

WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)

Subresource Integrity (SRI) Not Implemented

WordPress Plugin BulletProof Security Information Disclosure (5.1)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure