Description

This Ruby on Rails web application is running in development mode. When you generate a Ruby on Rails application it will create three environments: development, production and test. In development mode, Rails is not as secure as it shows diagnostics pages that leak a lot of sensitive information about the application internals.

Remediation

It's recommended to configure your Rails application to run in production mode. Usually, the following command will run your application in production mode. 

rails server -e production

References

Getting Started with Rails

Rails Insecure Defaults

Use of Ruby on Rails environments

Related Vulnerabilities

ASP.NET WCF metadata enabled for behavior

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)

Node.js Web Application does not handle uncaughtException

nginx range filter integer overflow

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1902)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration