Description
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21304 Vulnerability (CVE-2022-21304)
WordPress Plugin Ultimate FAQ Cross-Site Scripting (1.8.29)
Oracle Database Server Other Vulnerability (CVE-2007-1442)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30152)
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)