Description
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Remediation
References
Related Vulnerabilities
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)
WordPress Plugin Happy Addons for Elementor Pro Cross-Site Scripting (1.16.0)
XWikiplatform Missing Authorization Vulnerability (CVE-2024-31997)
Oracle Application Server CVE-2009-0990 Vulnerability (CVE-2009-0990)
WordPress Plugin yURL ReTwitt Cross-Site Request Forgery (1.4)