@zerothreatai/vulnerability-registry 2.0.0 → 4.0.0
- package/dist/categories/authentication.js +17 -0
- package/dist/categories/configuration.js +501 -0
- package/dist/categories/injection.js +34 -0
- package/dist/categories/sensitive-paths.js +84 -0
- package/dist/categories/ssrf.js +11 -0
- package/dist/categories/xss.js +15 -0
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +17 -0
- package/dist-cjs/categories/configuration.js +501 -0
- package/dist-cjs/categories/injection.js +34 -0
- package/dist-cjs/categories/sensitive-paths.js +84 -0
- package/dist-cjs/categories/ssrf.js +11 -0
- package/dist-cjs/categories/xss.js +15 -0
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +1 -1
- package/src/categories/authentication.js +54 -40
- package/src/categories/authentication.ts +134 -117
- package/src/categories/configuration.js +990 -114
- package/src/categories/configuration.ts +1625 -1104
- package/src/categories/injection.js +105 -74
- package/src/categories/injection.ts +129 -95
- package/src/categories/sensitive-paths.js +255 -174
- package/src/categories/sensitive-paths.ts +84 -0
- package/src/categories/ssrf.js +36 -28
- package/src/categories/ssrf.ts +11 -0
- package/src/categories/xss.js +47 -35
- package/src/categories/xss.ts +15 -0
- package/src/category.ts +16 -0
- package/src/error-codes.d.ts +38 -0
- package/src/error-codes.js +41 -6
- package/src/error-codes.ts +25 -5
- package/src/index.js +33 -48
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.d.ts +2 -0
- package/src/types.js +1 -2
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
|
@@ -18,6 +18,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
18
18
|
title: 'AWS Credentials Exposed',
|
|
19
19
|
description: 'AWS credentials file (.aws/credentials) is publicly accessible containing AWS Access Key ID and Secret Access Key, enabling complete access to AWS services including S3 buckets, EC2 instances, RDS databases, and all cloud resources associated with the compromised account.',
|
|
20
20
|
severity: 'critical',
|
|
21
|
+
levelId: 1,
|
|
21
22
|
category: 'information_disclosure',
|
|
22
23
|
scanner: 'sensitive-path-scout',
|
|
23
24
|
cvss: {
|
|
@@ -40,6 +41,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
40
41
|
title: 'SSH Private Key Exposed',
|
|
41
42
|
description: 'SSH private key file (id_rsa, id_ed25519) is publicly accessible, allowing attackers to authenticate to any system where the corresponding public key is authorized, potentially including production servers, databases, and version control systems.',
|
|
42
43
|
severity: 'critical',
|
|
44
|
+
levelId: 1,
|
|
43
45
|
category: 'information_disclosure',
|
|
44
46
|
scanner: 'sensitive-path-scout',
|
|
45
47
|
cvss: {
|
|
@@ -61,6 +63,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
61
63
|
title: 'SSL/TLS Private Key Exposed',
|
|
62
64
|
description: 'SSL/TLS private key file is publicly accessible, enabling attackers to decrypt all HTTPS traffic, perform man-in-the-middle attacks, and impersonate the server for phishing or credential theft operations against legitimate users.',
|
|
63
65
|
severity: 'critical',
|
|
66
|
+
levelId: 1,
|
|
64
67
|
category: 'cryptographic',
|
|
65
68
|
scanner: 'sensitive-path-scout',
|
|
66
69
|
cvss: {
|
|
@@ -82,6 +85,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
82
85
|
title: 'Rails Master Key Exposed',
|
|
83
86
|
description: 'Rails master.key file is publicly accessible, allowing decryption of all Rails encrypted credentials including database passwords, API keys, and session secrets, enabling complete application compromise and access to all encrypted secrets.',
|
|
84
87
|
severity: 'critical',
|
|
88
|
+
levelId: 1,
|
|
85
89
|
category: 'information_disclosure',
|
|
86
90
|
scanner: 'sensitive-path-scout',
|
|
87
91
|
cvss: {
|
|
@@ -103,6 +107,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
103
107
|
title: 'Terraform State File Exposed',
|
|
104
108
|
description: 'Terraform state file (tfstate) is publicly accessible containing complete infrastructure configuration, resource IDs, IP addresses, and potentially sensitive outputs including database passwords and API keys stored in plain text.',
|
|
105
109
|
severity: 'critical',
|
|
110
|
+
levelId: 1,
|
|
106
111
|
category: 'information_disclosure',
|
|
107
112
|
scanner: 'sensitive-path-scout',
|
|
108
113
|
cvss: {
|
|
@@ -124,6 +129,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
124
129
|
title: 'Kubernetes Config Exposed',
|
|
125
130
|
description: 'Kubernetes kubeconfig file is publicly accessible containing cluster credentials, certificates, and tokens that allow full administrative access to Kubernetes clusters including ability to deploy, modify, and delete all workloads.',
|
|
126
131
|
severity: 'critical',
|
|
132
|
+
levelId: 1,
|
|
127
133
|
category: 'information_disclosure',
|
|
128
134
|
scanner: 'sensitive-path-scout',
|
|
129
135
|
cvss: {
|
|
@@ -145,6 +151,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
145
151
|
title: 'HashiCorp Vault Secret Exposed',
|
|
146
152
|
description: 'HashiCorp Vault secrets or root token exposed, providing access to the centralized secrets management system and all secrets stored within, potentially compromising hundreds of application credentials and encryption keys.',
|
|
147
153
|
severity: 'critical',
|
|
154
|
+
levelId: 1,
|
|
148
155
|
category: 'information_disclosure',
|
|
149
156
|
scanner: 'sensitive-path-scout',
|
|
150
157
|
cvss: {
|
|
@@ -169,6 +176,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
169
176
|
title: 'Git Repository Exposed',
|
|
170
177
|
description: 'Git repository metadata (.git/HEAD, .git/config) is publicly accessible, allowing attackers to download the complete repository including all source code, commit history, configuration files, and potentially credentials committed accidentally.',
|
|
171
178
|
severity: 'high',
|
|
179
|
+
levelId: 2,
|
|
172
180
|
category: 'information_disclosure',
|
|
173
181
|
scanner: 'sensitive-path-scout',
|
|
174
182
|
cvss: {
|
|
@@ -190,6 +198,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
190
198
|
title: 'Environment File Exposed',
|
|
191
199
|
description: 'Environment configuration file (.env, .env.local, .env.production) is publicly accessible containing application secrets, database credentials, API keys, and other sensitive configuration that should never be exposed to end users.',
|
|
192
200
|
severity: 'high',
|
|
201
|
+
levelId: 2,
|
|
193
202
|
category: 'information_disclosure',
|
|
194
203
|
scanner: 'sensitive-path-scout',
|
|
195
204
|
cvss: {
|
|
@@ -211,6 +220,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
211
220
|
title: 'WordPress Configuration File Exposed',
|
|
212
221
|
description: 'WordPress wp-config.php file is accessible and readable, exposing database credentials, authentication keys, salts, table prefix, and debug settings that allow complete compromise of the WordPress installation and underlying database.',
|
|
213
222
|
severity: 'high',
|
|
223
|
+
levelId: 2,
|
|
214
224
|
category: 'information_disclosure',
|
|
215
225
|
scanner: 'sensitive-path-scout',
|
|
216
226
|
cvss: {
|
|
@@ -232,6 +242,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
232
242
|
title: 'Spring Boot Actuator Endpoints Exposed',
|
|
233
243
|
description: 'Spring Boot Actuator management endpoints are publicly accessible without authentication, exposing application internals including environment variables, configuration properties, health status, thread dumps, and potentially enabling remote code execution through certain endpoints.',
|
|
234
244
|
severity: 'high',
|
|
245
|
+
levelId: 2,
|
|
235
246
|
category: 'information_disclosure',
|
|
236
247
|
scanner: 'sensitive-path-scout',
|
|
237
248
|
cvss: {
|
|
@@ -254,6 +265,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
254
265
|
title: 'Spring Boot Heapdump Exposed',
|
|
255
266
|
description: 'Spring Boot Actuator heapdump endpoint is accessible allowing download of JVM heap memory containing sensitive runtime data including session tokens, passwords, encryption keys, personal data, and other secrets temporarily held in application memory.',
|
|
256
267
|
severity: 'critical',
|
|
268
|
+
levelId: 1,
|
|
257
269
|
category: 'information_disclosure',
|
|
258
270
|
scanner: 'sensitive-path-scout',
|
|
259
271
|
cvss: {
|
|
@@ -275,6 +287,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
275
287
|
title: 'PHP Info Page Exposed',
|
|
276
288
|
description: 'PHP info page (phpinfo.php) is publicly accessible revealing complete server configuration including PHP version, loaded modules, environment variables, system paths, and potentially database connection strings that aid attackers in planning targeted attacks.',
|
|
277
289
|
severity: 'medium',
|
|
290
|
+
levelId: 3,
|
|
278
291
|
category: 'information_disclosure',
|
|
279
292
|
scanner: 'sensitive-path-scout',
|
|
280
293
|
cvss: {
|
|
@@ -296,6 +309,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
296
309
|
title: 'Laravel Debug Mode Enabled',
|
|
297
310
|
description: 'Laravel application is running with debug mode enabled in production, exposing detailed stack traces, database queries, environment variables, and potentially the APP_KEY which can be used to decrypt session data and forge authenticated sessions.',
|
|
298
311
|
severity: 'high',
|
|
312
|
+
levelId: 2,
|
|
299
313
|
category: 'information_disclosure',
|
|
300
314
|
scanner: 'sensitive-path-scout',
|
|
301
315
|
cvss: {
|
|
@@ -317,6 +331,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
317
331
|
title: 'GraphQL Introspection Enabled',
|
|
318
332
|
description: 'GraphQL API has introspection enabled in production, allowing attackers to query the complete schema including all types, queries, mutations, and fields, which reveals the entire API structure and aids in discovering sensitive operations and data access points.',
|
|
319
333
|
severity: 'medium',
|
|
334
|
+
levelId: 3,
|
|
320
335
|
category: 'information_disclosure',
|
|
321
336
|
scanner: 'sensitive-path-scout',
|
|
322
337
|
cvss: {
|
|
@@ -338,6 +353,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
338
353
|
title: 'Database Backup File Exposed',
|
|
339
354
|
description: 'Database backup or dump file (.sql, .dump, .bak) is publicly accessible containing complete database contents including user credentials, personal information, business data, and all other stored information enabling massive data breach.',
|
|
340
355
|
severity: 'critical',
|
|
356
|
+
levelId: 1,
|
|
341
357
|
category: 'information_disclosure',
|
|
342
358
|
scanner: 'sensitive-path-scout',
|
|
343
359
|
cvss: {
|
|
@@ -362,6 +378,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
362
378
|
title: 'Swagger/OpenAPI Documentation Exposed',
|
|
363
379
|
description: 'API documentation (swagger.json, openapi.yaml) is publicly accessible revealing complete API structure including all endpoints, parameters, authentication methods, and data models which aids attackers in understanding and exploiting the API systematically.',
|
|
364
380
|
severity: 'low',
|
|
381
|
+
levelId: 4,
|
|
365
382
|
category: 'information_disclosure',
|
|
366
383
|
scanner: 'sensitive-path-scout',
|
|
367
384
|
cvss: {
|
|
@@ -383,6 +400,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
383
400
|
title: 'Prometheus Metrics Endpoint Exposed',
|
|
384
401
|
description: 'Prometheus metrics endpoint (/metrics) is publicly accessible exposing application performance data, error rates, request patterns, resource usage, and potentially business metrics that reveal internal operations and aid in planning attacks.',
|
|
385
402
|
severity: 'medium',
|
|
403
|
+
levelId: 3,
|
|
386
404
|
category: 'information_disclosure',
|
|
387
405
|
scanner: 'sensitive-path-scout',
|
|
388
406
|
cvss: {
|
|
@@ -404,6 +422,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
404
422
|
title: 'Admin Panel Publicly Accessible',
|
|
405
423
|
description: 'Administrative interface is accessible from the public internet without IP restrictions, enabling brute force attacks against admin credentials and exposing sensitive management functionality that should be restricted to internal networks only.',
|
|
406
424
|
severity: 'medium',
|
|
425
|
+
levelId: 3,
|
|
407
426
|
category: 'access_control',
|
|
408
427
|
scanner: 'sensitive-path-scout',
|
|
409
428
|
cvss: {
|
|
@@ -425,6 +444,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
425
444
|
title: 'JavaScript Source Maps Exposed',
|
|
426
445
|
description: 'JavaScript source map files (.js.map) are publicly accessible allowing attackers to view original unminified source code including comments, variable names, internal logic, and potentially security-sensitive implementation details.',
|
|
427
446
|
severity: 'low',
|
|
447
|
+
levelId: 4,
|
|
428
448
|
category: 'information_disclosure',
|
|
429
449
|
scanner: 'sensitive-path-scout',
|
|
430
450
|
cvss: {
|
|
@@ -449,6 +469,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
449
469
|
title: 'Un Protected Config JSON',
|
|
450
470
|
description: 'The application exposes un protected config json in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
451
471
|
severity: 'medium',
|
|
472
|
+
levelId: 3,
|
|
452
473
|
category: 'information_disclosure',
|
|
453
474
|
scanner: 'sensitive-path-scout',
|
|
454
475
|
cvss: {
|
|
@@ -470,6 +491,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
470
491
|
title: 'Web Server Configuration File Detected',
|
|
471
492
|
description: 'The application exposes web server configuration file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
472
493
|
severity: 'high',
|
|
494
|
+
levelId: 2,
|
|
473
495
|
category: 'information_disclosure',
|
|
474
496
|
scanner: 'sensitive-path-scout',
|
|
475
497
|
cvss: {
|
|
@@ -491,6 +513,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
491
513
|
title: 'Appsettings JSON Exposed',
|
|
492
514
|
description: 'The application exposes appsettings json exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
493
515
|
severity: 'high',
|
|
516
|
+
levelId: 2,
|
|
494
517
|
category: 'information_disclosure',
|
|
495
518
|
scanner: 'sensitive-path-scout',
|
|
496
519
|
cvss: {
|
|
@@ -512,6 +535,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
512
535
|
title: 'Spring Config Exposed',
|
|
513
536
|
description: 'The application exposes spring config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
514
537
|
severity: 'high',
|
|
538
|
+
levelId: 2,
|
|
515
539
|
category: 'information_disclosure',
|
|
516
540
|
scanner: 'sensitive-path-scout',
|
|
517
541
|
cvss: {
|
|
@@ -533,6 +557,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
533
557
|
title: 'Npmrc Exposed',
|
|
534
558
|
description: 'The application exposes npmrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
535
559
|
severity: 'high',
|
|
560
|
+
levelId: 2,
|
|
536
561
|
category: 'information_disclosure',
|
|
537
562
|
scanner: 'sensitive-path-scout',
|
|
538
563
|
cvss: {
|
|
@@ -554,6 +579,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
554
579
|
title: 'TOML Project File Exposed',
|
|
555
580
|
description: 'The application exposes toml project file exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
556
581
|
severity: 'low',
|
|
582
|
+
levelId: 4,
|
|
557
583
|
category: 'information_disclosure',
|
|
558
584
|
scanner: 'sensitive-path-scout',
|
|
559
585
|
cvss: {
|
|
@@ -575,6 +601,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
575
601
|
title: 'Rails Database YML Exposed',
|
|
576
602
|
description: 'The application exposes rails database yml exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
577
603
|
severity: 'high',
|
|
604
|
+
levelId: 2,
|
|
578
605
|
category: 'information_disclosure',
|
|
579
606
|
scanner: 'sensitive-path-scout',
|
|
580
607
|
cvss: {
|
|
@@ -596,6 +623,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
596
623
|
title: 'Drupal Settings PHP Exposed',
|
|
597
624
|
description: 'The application exposes drupal settings php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
598
625
|
severity: 'high',
|
|
626
|
+
levelId: 2,
|
|
599
627
|
category: 'information_disclosure',
|
|
600
628
|
scanner: 'sensitive-path-scout',
|
|
601
629
|
cvss: {
|
|
@@ -617,6 +645,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
617
645
|
title: 'Magento Env PHP Exposed',
|
|
618
646
|
description: 'The application exposes magento env php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
619
647
|
severity: 'high',
|
|
648
|
+
levelId: 2,
|
|
620
649
|
category: 'information_disclosure',
|
|
621
650
|
scanner: 'sensitive-path-scout',
|
|
622
651
|
cvss: {
|
|
@@ -638,6 +667,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
638
667
|
title: 'Jolokia Exposed',
|
|
639
668
|
description: 'The application exposes jolokia exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
640
669
|
severity: 'high',
|
|
670
|
+
levelId: 2,
|
|
641
671
|
category: 'information_disclosure',
|
|
642
672
|
scanner: 'sensitive-path-scout',
|
|
643
673
|
cvss: {
|
|
@@ -659,6 +689,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
659
689
|
title: 'SVN Working Copy Database Exposed',
|
|
660
690
|
description: 'The application exposes svn working copy database exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
661
691
|
severity: 'high',
|
|
692
|
+
levelId: 2,
|
|
662
693
|
category: 'information_disclosure',
|
|
663
694
|
scanner: 'sensitive-path-scout',
|
|
664
695
|
cvss: {
|
|
@@ -680,6 +711,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
680
711
|
title: 'Subversion Repository Detected',
|
|
681
712
|
description: 'The application exposes subversion repository detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
682
713
|
severity: 'high',
|
|
714
|
+
levelId: 2,
|
|
683
715
|
category: 'information_disclosure',
|
|
684
716
|
scanner: 'sensitive-path-scout',
|
|
685
717
|
cvss: {
|
|
@@ -701,6 +733,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
701
733
|
title: 'Mercurial Repository Found',
|
|
702
734
|
description: 'The application exposes mercurial repository found in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
703
735
|
severity: 'medium',
|
|
736
|
+
levelId: 3,
|
|
704
737
|
category: 'information_disclosure',
|
|
705
738
|
scanner: 'sensitive-path-scout',
|
|
706
739
|
cvss: {
|
|
@@ -722,6 +755,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
722
755
|
title: 'Mercurial Hgrc Exposed',
|
|
723
756
|
description: 'The application exposes mercurial hgrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
724
757
|
severity: 'medium',
|
|
758
|
+
levelId: 3,
|
|
725
759
|
category: 'information_disclosure',
|
|
726
760
|
scanner: 'sensitive-path-scout',
|
|
727
761
|
cvss: {
|
|
@@ -743,6 +777,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
743
777
|
title: 'CVS Root Exposed',
|
|
744
778
|
description: 'The application exposes cvs root exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
745
779
|
severity: 'medium',
|
|
780
|
+
levelId: 3,
|
|
746
781
|
category: 'information_disclosure',
|
|
747
782
|
scanner: 'sensitive-path-scout',
|
|
748
783
|
cvss: {
|
|
@@ -764,6 +799,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
764
799
|
title: 'CVS Entries Exposed',
|
|
765
800
|
description: 'The application exposes cvs entries exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
766
801
|
severity: 'medium',
|
|
802
|
+
levelId: 3,
|
|
767
803
|
category: 'information_disclosure',
|
|
768
804
|
scanner: 'sensitive-path-scout',
|
|
769
805
|
cvss: {
|
|
@@ -785,6 +821,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
785
821
|
title: 'Bazaar Repo Exposed',
|
|
786
822
|
description: 'The application exposes bazaar repo exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
787
823
|
severity: 'medium',
|
|
824
|
+
levelId: 3,
|
|
788
825
|
category: 'information_disclosure',
|
|
789
826
|
scanner: 'sensitive-path-scout',
|
|
790
827
|
cvss: {
|
|
@@ -806,6 +843,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
806
843
|
title: 'Spring Boot Thread Dump Exposed',
|
|
807
844
|
description: 'The application exposes spring boot thread dump exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
808
845
|
severity: 'high',
|
|
846
|
+
levelId: 2,
|
|
809
847
|
category: 'information_disclosure',
|
|
810
848
|
scanner: 'sensitive-path-scout',
|
|
811
849
|
cvss: {
|
|
@@ -827,6 +865,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
827
865
|
title: 'Redis Rdb Dump Detected',
|
|
828
866
|
description: 'The application exposes redis rdb dump detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
829
867
|
severity: 'high',
|
|
868
|
+
levelId: 2,
|
|
830
869
|
category: 'information_disclosure',
|
|
831
870
|
scanner: 'sensitive-path-scout',
|
|
832
871
|
cvss: {
|
|
@@ -848,6 +887,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
848
887
|
title: 'Atlassian Bitbucket Pipelines Configuration Detected',
|
|
849
888
|
description: 'The application exposes atlassian bitbucket pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
850
889
|
severity: 'low',
|
|
890
|
+
levelId: 4,
|
|
851
891
|
category: 'information_disclosure',
|
|
852
892
|
scanner: 'sensitive-path-scout',
|
|
853
893
|
cvss: {
|
|
@@ -869,6 +909,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
869
909
|
title: 'AZURE Pipelines Configuration Detected',
|
|
870
910
|
description: 'The application exposes azure pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
871
911
|
severity: 'low',
|
|
912
|
+
levelId: 4,
|
|
872
913
|
category: 'information_disclosure',
|
|
873
914
|
scanner: 'sensitive-path-scout',
|
|
874
915
|
cvss: {
|
|
@@ -890,6 +931,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
890
931
|
title: 'AWS Code Build Buildspec Detected',
|
|
891
932
|
description: 'The application exposes aws code build buildspec detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
892
933
|
severity: 'low',
|
|
934
|
+
levelId: 4,
|
|
893
935
|
category: 'information_disclosure',
|
|
894
936
|
scanner: 'sensitive-path-scout',
|
|
895
937
|
cvss: {
|
|
@@ -911,6 +953,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
911
953
|
title: 'Github Actions Workflow Detected',
|
|
912
954
|
description: 'The application exposes github actions workflow detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
913
955
|
severity: 'low',
|
|
956
|
+
levelId: 4,
|
|
914
957
|
category: 'information_disclosure',
|
|
915
958
|
scanner: 'sensitive-path-scout',
|
|
916
959
|
cvss: {
|
|
@@ -932,6 +975,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
932
975
|
title: 'Docker Compose Configuration Detected',
|
|
933
976
|
description: 'The application exposes docker compose configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
934
977
|
severity: 'medium',
|
|
978
|
+
levelId: 3,
|
|
935
979
|
category: 'information_disclosure',
|
|
936
980
|
scanner: 'sensitive-path-scout',
|
|
937
981
|
cvss: {
|
|
@@ -953,6 +997,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
953
997
|
title: 'Trace Axd',
|
|
954
998
|
description: 'The application exposes trace axd in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
955
999
|
severity: 'high',
|
|
1000
|
+
levelId: 2,
|
|
956
1001
|
category: 'information_disclosure',
|
|
957
1002
|
scanner: 'sensitive-path-scout',
|
|
958
1003
|
cvss: {
|
|
@@ -974,6 +1019,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
974
1019
|
title: 'Elmah Axd Exposed',
|
|
975
1020
|
description: 'The application exposes elmah axd exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
976
1021
|
severity: 'high',
|
|
1022
|
+
levelId: 2,
|
|
977
1023
|
category: 'information_disclosure',
|
|
978
1024
|
scanner: 'sensitive-path-scout',
|
|
979
1025
|
cvss: {
|
|
@@ -995,6 +1041,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
995
1041
|
title: 'Laravel Log Viewer Enabled',
|
|
996
1042
|
description: 'The application exposes laravel log viewer enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
997
1043
|
severity: 'medium',
|
|
1044
|
+
levelId: 3,
|
|
998
1045
|
category: 'information_disclosure',
|
|
999
1046
|
scanner: 'sensitive-path-scout',
|
|
1000
1047
|
cvss: {
|
|
@@ -1016,6 +1063,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1016
1063
|
title: 'Apache Htaccess File Detected',
|
|
1017
1064
|
description: 'The application exposes apache htaccess file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1018
1065
|
severity: 'medium',
|
|
1066
|
+
levelId: 3,
|
|
1019
1067
|
category: 'information_disclosure',
|
|
1020
1068
|
scanner: 'sensitive-path-scout',
|
|
1021
1069
|
cvss: {
|
|
@@ -1037,6 +1085,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1037
1085
|
title: 'Apache Server Info Exposed',
|
|
1038
1086
|
description: 'The application exposes apache server info exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1039
1087
|
severity: 'medium',
|
|
1088
|
+
levelId: 3,
|
|
1040
1089
|
category: 'information_disclosure',
|
|
1041
1090
|
scanner: 'sensitive-path-scout',
|
|
1042
1091
|
cvss: {
|
|
@@ -1058,6 +1107,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1058
1107
|
title: 'Sqlite Database Detected',
|
|
1059
1108
|
description: 'The application exposes sqlite database detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1060
1109
|
severity: 'high',
|
|
1110
|
+
levelId: 2,
|
|
1061
1111
|
category: 'information_disclosure',
|
|
1062
1112
|
scanner: 'sensitive-path-scout',
|
|
1063
1113
|
cvss: {
|
|
@@ -1079,6 +1129,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1079
1129
|
title: 'Package Dependencies Detected',
|
|
1080
1130
|
description: 'The application exposes package dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1081
1131
|
severity: 'medium',
|
|
1132
|
+
levelId: 3,
|
|
1082
1133
|
category: 'information_disclosure',
|
|
1083
1134
|
scanner: 'sensitive-path-scout',
|
|
1084
1135
|
cvss: {
|
|
@@ -1100,6 +1151,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1100
1151
|
title: 'PHP Composer Dependencies Detected',
|
|
1101
1152
|
description: 'The application exposes php composer dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1102
1153
|
severity: 'medium',
|
|
1154
|
+
levelId: 3,
|
|
1103
1155
|
category: 'information_disclosure',
|
|
1104
1156
|
scanner: 'sensitive-path-scout',
|
|
1105
1157
|
cvss: {
|
|
@@ -1121,6 +1173,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1121
1173
|
title: 'Python Requirements Detected',
|
|
1122
1174
|
description: 'The application exposes python requirements detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1123
1175
|
severity: 'low',
|
|
1176
|
+
levelId: 4,
|
|
1124
1177
|
category: 'information_disclosure',
|
|
1125
1178
|
scanner: 'sensitive-path-scout',
|
|
1126
1179
|
cvss: {
|
|
@@ -1142,6 +1195,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1142
1195
|
title: 'AWS Config Exposed',
|
|
1143
1196
|
description: 'The application exposes aws config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1144
1197
|
severity: 'high',
|
|
1198
|
+
levelId: 2,
|
|
1145
1199
|
category: 'information_disclosure',
|
|
1146
1200
|
scanner: 'sensitive-path-scout',
|
|
1147
1201
|
cvss: {
|
|
@@ -1163,6 +1217,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1163
1217
|
title: 'AZURE Credentials Exposed',
|
|
1164
1218
|
description: 'The application exposes azure credentials exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1165
1219
|
severity: 'high',
|
|
1220
|
+
levelId: 2,
|
|
1166
1221
|
category: 'information_disclosure',
|
|
1167
1222
|
scanner: 'sensitive-path-scout',
|
|
1168
1223
|
cvss: {
|
|
@@ -1184,6 +1239,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1184
1239
|
title: 'Helm Values Exposed',
|
|
1185
1240
|
description: 'The application exposes helm values exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1186
1241
|
severity: 'high',
|
|
1242
|
+
levelId: 2,
|
|
1187
1243
|
category: 'information_disclosure',
|
|
1188
1244
|
scanner: 'sensitive-path-scout',
|
|
1189
1245
|
cvss: {
|
|
@@ -1205,6 +1261,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1205
1261
|
title: 'SSH Public Key Exposed',
|
|
1206
1262
|
description: 'The application exposes ssh public key exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1207
1263
|
severity: 'medium',
|
|
1264
|
+
levelId: 3,
|
|
1208
1265
|
category: 'information_disclosure',
|
|
1209
1266
|
scanner: 'sensitive-path-scout',
|
|
1210
1267
|
cvss: {
|
|
@@ -1226,6 +1283,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1226
1283
|
title: 'SSL Certificate Exposed',
|
|
1227
1284
|
description: 'The application exposes ssl certificate exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1228
1285
|
severity: 'medium',
|
|
1286
|
+
levelId: 3,
|
|
1229
1287
|
category: 'information_disclosure',
|
|
1230
1288
|
scanner: 'sensitive-path-scout',
|
|
1231
1289
|
cvss: {
|
|
@@ -1247,6 +1305,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1247
1305
|
title: 'Graph Ql Endpoint Exposed',
|
|
1248
1306
|
description: 'The application exposes graph ql endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1249
1307
|
severity: 'medium',
|
|
1308
|
+
levelId: 3,
|
|
1250
1309
|
category: 'information_disclosure',
|
|
1251
1310
|
scanner: 'sensitive-path-scout',
|
|
1252
1311
|
cvss: {
|
|
@@ -1268,6 +1327,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1268
1327
|
title: 'Graphi Ql Exposed',
|
|
1269
1328
|
description: 'The application exposes graphi ql exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1270
1329
|
severity: 'medium',
|
|
1330
|
+
levelId: 3,
|
|
1271
1331
|
category: 'information_disclosure',
|
|
1272
1332
|
scanner: 'sensitive-path-scout',
|
|
1273
1333
|
cvss: {
|
|
@@ -1289,6 +1349,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1289
1349
|
title: 'Terraform Lock Exposed',
|
|
1290
1350
|
description: 'The application exposes terraform lock exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1291
1351
|
severity: 'medium',
|
|
1352
|
+
levelId: 3,
|
|
1292
1353
|
category: 'information_disclosure',
|
|
1293
1354
|
scanner: 'sensitive-path-scout',
|
|
1294
1355
|
cvss: {
|
|
@@ -1310,6 +1371,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1310
1371
|
title: 'Terraform Vars Exposed',
|
|
1311
1372
|
description: 'The application exposes terraform vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1312
1373
|
severity: 'high',
|
|
1374
|
+
levelId: 2,
|
|
1313
1375
|
category: 'information_disclosure',
|
|
1314
1376
|
scanner: 'sensitive-path-scout',
|
|
1315
1377
|
cvss: {
|
|
@@ -1331,6 +1393,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1331
1393
|
title: 'Error Log Exposed',
|
|
1332
1394
|
description: 'The application exposes error log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1333
1395
|
severity: 'medium',
|
|
1396
|
+
levelId: 3,
|
|
1334
1397
|
category: 'information_disclosure',
|
|
1335
1398
|
scanner: 'sensitive-path-scout',
|
|
1336
1399
|
cvss: {
|
|
@@ -1352,6 +1415,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1352
1415
|
title: 'Access Log Exposed',
|
|
1353
1416
|
description: 'The application exposes access log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1354
1417
|
severity: 'medium',
|
|
1418
|
+
levelId: 3,
|
|
1355
1419
|
category: 'information_disclosure',
|
|
1356
1420
|
scanner: 'sensitive-path-scout',
|
|
1357
1421
|
cvss: {
|
|
@@ -1373,6 +1437,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1373
1437
|
title: 'Debug Log Exposed',
|
|
1374
1438
|
description: 'The application exposes debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1375
1439
|
severity: 'medium',
|
|
1440
|
+
levelId: 3,
|
|
1376
1441
|
category: 'information_disclosure',
|
|
1377
1442
|
scanner: 'sensitive-path-scout',
|
|
1378
1443
|
cvss: {
|
|
@@ -1394,6 +1459,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1394
1459
|
title: 'Application Log Exposed',
|
|
1395
1460
|
description: 'The application exposes application log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1396
1461
|
severity: 'medium',
|
|
1462
|
+
levelId: 3,
|
|
1397
1463
|
category: 'information_disclosure',
|
|
1398
1464
|
scanner: 'sensitive-path-scout',
|
|
1399
1465
|
cvss: {
|
|
@@ -1415,6 +1481,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1415
1481
|
title: 'Laravel Log Exposed',
|
|
1416
1482
|
description: 'The application exposes laravel log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1417
1483
|
severity: 'high',
|
|
1484
|
+
levelId: 2,
|
|
1418
1485
|
category: 'information_disclosure',
|
|
1419
1486
|
scanner: 'sensitive-path-scout',
|
|
1420
1487
|
cvss: {
|
|
@@ -1436,6 +1503,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1436
1503
|
title: 'Word Press Debug Log Exposed',
|
|
1437
1504
|
description: 'The application exposes word press debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1438
1505
|
severity: 'high',
|
|
1506
|
+
levelId: 2,
|
|
1439
1507
|
category: 'information_disclosure',
|
|
1440
1508
|
scanner: 'sensitive-path-scout',
|
|
1441
1509
|
cvss: {
|
|
@@ -1457,6 +1525,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1457
1525
|
title: 'Adminer Exposed',
|
|
1458
1526
|
description: 'The application exposes adminer exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1459
1527
|
severity: 'high',
|
|
1528
|
+
levelId: 2,
|
|
1460
1529
|
category: 'information_disclosure',
|
|
1461
1530
|
scanner: 'sensitive-path-scout',
|
|
1462
1531
|
cvss: {
|
|
@@ -1478,6 +1547,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1478
1547
|
title: 'WSDL Exposed',
|
|
1479
1548
|
description: 'The application exposes wsdl exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1480
1549
|
severity: 'medium',
|
|
1550
|
+
levelId: 3,
|
|
1481
1551
|
category: 'information_disclosure',
|
|
1482
1552
|
scanner: 'sensitive-path-scout',
|
|
1483
1553
|
cvss: {
|
|
@@ -1499,6 +1569,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1499
1569
|
title: 'Debug Endpoint Exposed',
|
|
1500
1570
|
description: 'The application exposes debug endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1501
1571
|
severity: 'high',
|
|
1572
|
+
levelId: 2,
|
|
1502
1573
|
category: 'information_disclosure',
|
|
1503
1574
|
scanner: 'sensitive-path-scout',
|
|
1504
1575
|
cvss: {
|
|
@@ -1520,6 +1591,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1520
1591
|
title: 'Go Debug Vars Exposed',
|
|
1521
1592
|
description: 'The application exposes go debug vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1522
1593
|
severity: 'high',
|
|
1594
|
+
levelId: 2,
|
|
1523
1595
|
category: 'information_disclosure',
|
|
1524
1596
|
scanner: 'sensitive-path-scout',
|
|
1525
1597
|
cvss: {
|
|
@@ -1541,6 +1613,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1541
1613
|
title: 'Go Pprof Exposed',
|
|
1542
1614
|
description: 'The application exposes go pprof exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1543
1615
|
severity: 'high',
|
|
1616
|
+
levelId: 2,
|
|
1544
1617
|
category: 'information_disclosure',
|
|
1545
1618
|
scanner: 'sensitive-path-scout',
|
|
1546
1619
|
cvss: {
|
|
@@ -1562,6 +1635,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1562
1635
|
title: 'Word Press XML Rpc Exposed',
|
|
1563
1636
|
description: 'The application exposes word press xml rpc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1564
1637
|
severity: 'medium',
|
|
1638
|
+
levelId: 3,
|
|
1565
1639
|
category: 'information_disclosure',
|
|
1566
1640
|
scanner: 'sensitive-path-scout',
|
|
1567
1641
|
cvss: {
|
|
@@ -1583,6 +1657,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1583
1657
|
title: 'Test Endpoint Exposed',
|
|
1584
1658
|
description: 'The application exposes test endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1585
1659
|
severity: 'low',
|
|
1660
|
+
levelId: 4,
|
|
1586
1661
|
category: 'information_disclosure',
|
|
1587
1662
|
scanner: 'sensitive-path-scout',
|
|
1588
1663
|
cvss: {
|
|
@@ -1604,6 +1679,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1604
1679
|
title: 'Staging Endpoint Exposed',
|
|
1605
1680
|
description: 'The application exposes staging endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1606
1681
|
severity: 'low',
|
|
1682
|
+
levelId: 4,
|
|
1607
1683
|
category: 'information_disclosure',
|
|
1608
1684
|
scanner: 'sensitive-path-scout',
|
|
1609
1685
|
cvss: {
|
|
@@ -1625,6 +1701,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1625
1701
|
title: 'Editor Backup File Detected',
|
|
1626
1702
|
description: 'The application exposes editor backup file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1627
1703
|
severity: 'low',
|
|
1704
|
+
levelId: 4,
|
|
1628
1705
|
category: 'information_disclosure',
|
|
1629
1706
|
scanner: 'sensitive-path-scout',
|
|
1630
1707
|
cvss: {
|
|
@@ -1646,6 +1723,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1646
1723
|
title: 'VIM Swap File Detected',
|
|
1647
1724
|
description: 'The application exposes vim swap file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1648
1725
|
severity: 'low',
|
|
1726
|
+
levelId: 4,
|
|
1649
1727
|
category: 'information_disclosure',
|
|
1650
1728
|
scanner: 'sensitive-path-scout',
|
|
1651
1729
|
cvss: {
|
|
@@ -1667,6 +1745,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1667
1745
|
title: 'Directory Listing Enabled',
|
|
1668
1746
|
description: 'The application exposes directory listing enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1669
1747
|
severity: 'low',
|
|
1748
|
+
levelId: 4,
|
|
1670
1749
|
category: 'information_disclosure',
|
|
1671
1750
|
scanner: 'sensitive-path-scout',
|
|
1672
1751
|
cvss: {
|
|
@@ -1688,6 +1767,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1688
1767
|
title: 'AZURE Storage Config Exposed',
|
|
1689
1768
|
description: 'The application exposes azure storage config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1690
1769
|
severity: 'high',
|
|
1770
|
+
levelId: 2,
|
|
1691
1771
|
category: 'information_disclosure',
|
|
1692
1772
|
scanner: 'sensitive-path-scout',
|
|
1693
1773
|
cvss: {
|
|
@@ -1709,6 +1789,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1709
1789
|
title: 'Mongo Rc Exposed',
|
|
1710
1790
|
description: 'The application exposes mongo rc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1711
1791
|
severity: 'high',
|
|
1792
|
+
levelId: 2,
|
|
1712
1793
|
category: 'information_disclosure',
|
|
1713
1794
|
scanner: 'sensitive-path-scout',
|
|
1714
1795
|
cvss: {
|
|
@@ -1730,6 +1811,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1730
1811
|
title: 'Awssam Template Exposed',
|
|
1731
1812
|
description: 'The application exposes awssam template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1732
1813
|
severity: 'low',
|
|
1814
|
+
levelId: 4,
|
|
1733
1815
|
category: 'information_disclosure',
|
|
1734
1816
|
scanner: 'sensitive-path-scout',
|
|
1735
1817
|
cvss: {
|
|
@@ -1751,6 +1833,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1751
1833
|
title: 'Serverless Config Exposed',
|
|
1752
1834
|
description: 'The application exposes serverless config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1753
1835
|
severity: 'low',
|
|
1836
|
+
levelId: 4,
|
|
1754
1837
|
category: 'information_disclosure',
|
|
1755
1838
|
scanner: 'sensitive-path-scout',
|
|
1756
1839
|
cvss: {
|
|
@@ -1772,6 +1855,7 @@ exports.SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1772
1855
|
title: 'Cloud Formation Template Exposed',
|
|
1773
1856
|
description: 'The application exposes cloud formation template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1774
1857
|
severity: 'low',
|
|
1858
|
+
levelId: 4,
|
|
1775
1859
|
category: 'information_disclosure',
|
|
1776
1860
|
scanner: 'sensitive-path-scout',
|
|
1777
1861
|
cvss: {
|