Description

The PHP Coding Standards Fixer (PHP CS Fixer) is a tool designed to automatically fix PHP coding standards issues. This tool has a caching mechanism that is enabled by default. The caching mechanism creates a file named (by default) .php_cs.cache.

It was confirmed that this cache file is publicly accessible in this directory. This cache file contains potentially sensitive information and it's recommended to restrict access to this file.

Remediation

You should restrict access to the .php_cs.cache file by adjusting your web server configuration.

References

PHP-CS-Fixer

PHP Coding Standards Fixer

Related Vulnerabilities

Jenkins user enumeration

Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12)

WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6627)

WordPress Plugin User Profile Picture Information Disclosure (2.4.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files