Description
Due to a misconfiguration of a web server, qdPM configuration files are accessible for unauthenticated users
Remediation
Restrict access to configuration files
References
Related Vulnerabilities
GoCD information disclosure (CVE-2021-43287)
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Information Disclosure (3.4.3)
Spring Misconfiguration: HTML Escaping disabled
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)