Description

This Ruby on Rails web application is running in development mode. When you generate a Ruby on Rails application it will create three environments: development, production and test. In development mode, Rails is not as secure as it shows diagnostics pages that leak a lot of sensitive information about the application internals.

Remediation

It's recommended to configure your Rails application to run in production mode. Usually, the following command will run your application in production mode. 

rails server -e production

References

Getting Started with Rails

Rails Insecure Defaults

Use of Ruby on Rails environments

Related Vulnerabilities

WordPress full path disclosure

Unrestricted access to Apache HugeGraph

IBM WebSphere administration console weak password

Apache Spark Master Unauthorized Access Vulnerability

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0215)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration