Description
Rails scaffolding is a quick way to generate some of the major pieces of a Rails application. When scaffolding is used, Rails automatically creates the models, views, and controllers for a new resource in a single operation. The generated controller also handles output formats automatically, and Rails supports JSON and XML natively. Developers sometimes use scaffolding without properly restricting access to all of the APIs that Rails generated. In this case, sensitive information is leaked via the autogenerated APIs. Acunetix found an API that possibly leaks sensitive information.
Remediation
Acunetix cannot confirm this is a real vulnerability. Manual confirmation is required for this alert. Make sure the information disclosed in the HTTP response does not contain any sensitive information. If it does, adjust the Rails controller code to prevent this information from leaking.
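To support the manual confirmation described above, the following added example (not Acunetix or Rails code) walks a JSON response body and lists keys that look sensitive, then shows that an allowlist projection removes them. The key-name pattern, the function names and the sample response are assumptions constructed for illustration.

```ruby
require "json"

# Assumed pattern of attribute names that usually should not leave the server.
SENSITIVE_KEY = /passw(or)?d|digest|secret|token|api_?key|salt/i

# Walk a parsed JSON document and return the path of every key whose name
# matches SENSITIVE_KEY, e.g. "[0].password_digest".
def sensitive_paths(node, path = "")
  case node
  when Hash
    node.flat_map do |key, value|
      here = path.empty? ? key.to_s : "#{path}.#{key}"
      hits = key.to_s.match?(SENSITIVE_KEY) ? [here] : []
      hits + sensitive_paths(value, here)
    end
  when Array
    node.each_with_index.flat_map { |item, i| sensitive_paths(item, "#{path}[#{i}]") }
  else
    []
  end
end

# Allowlist projection: keep only the attributes the API is meant to expose.
def public_view(records, allowed)
  records.map { |record| record.slice(*allowed) }
end

# Constructed sample: what an unrestricted scaffold index action might return.
SAMPLE_BODY = <<~JSON
  [{"id": 1, "name": "alice", "email": "alice@example.test",
    "password_digest": "constructed-digest", "reset_token": "constructed-value",
    "profile": {"bio": "hi", "api_key": "constructed-key"}}]
JSON

if __FILE__ == $PROGRAM_NAME
  records = JSON.parse(SAMPLE_BODY)
  puts "before: #{sensitive_paths(records).inspect}"
  puts "after:  #{sensitive_paths(public_view(records, %w[id name])).inspect}"
end
```

In a Rails controller the same allowlist is applied when the response is rendered, for example `render json: @users.as_json(only: [:id, :name])`. A key-name match is only a prompt for review; values under innocuous names still need to be checked by hand.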