@zerothreatai/vulnerability-registry 3.0.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/categories/authentication.js +17 -0
- package/dist/categories/configuration.js +501 -0
- package/dist/categories/injection.js +34 -0
- package/dist/categories/sensitive-paths.js +84 -0
- package/dist/categories/ssrf.js +11 -0
- package/dist/categories/xss.js +15 -0
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +17 -0
- package/dist-cjs/categories/configuration.js +501 -0
- package/dist-cjs/categories/injection.js +34 -0
- package/dist-cjs/categories/sensitive-paths.js +84 -0
- package/dist-cjs/categories/ssrf.js +11 -0
- package/dist-cjs/categories/xss.js +15 -0
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +1 -1
- package/src/categories/authentication.js +54 -40
- package/src/categories/authentication.ts +134 -117
- package/src/categories/configuration.js +990 -114
- package/src/categories/configuration.ts +1625 -1104
- package/src/categories/injection.js +105 -74
- package/src/categories/injection.ts +129 -95
- package/src/categories/sensitive-paths.js +255 -174
- package/src/categories/sensitive-paths.ts +84 -0
- package/src/categories/ssrf.js +36 -28
- package/src/categories/ssrf.ts +11 -0
- package/src/categories/xss.js +47 -35
- package/src/categories/xss.ts +15 -0
- package/src/category.ts +16 -0
- package/src/error-codes.d.ts +38 -0
- package/src/error-codes.js +41 -6
- package/src/error-codes.ts +25 -5
- package/src/index.js +33 -48
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.d.ts +2 -0
- package/src/types.js +1 -2
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
|
@@ -15,6 +15,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
15
15
|
title: 'AWS Credentials Exposed',
|
|
16
16
|
description: 'AWS credentials file (.aws/credentials) is publicly accessible containing AWS Access Key ID and Secret Access Key, enabling complete access to AWS services including S3 buckets, EC2 instances, RDS databases, and all cloud resources associated with the compromised account.',
|
|
17
17
|
severity: 'critical',
|
|
18
|
+
levelId: 1,
|
|
18
19
|
category: 'information_disclosure',
|
|
19
20
|
scanner: 'sensitive-path-scout',
|
|
20
21
|
cvss: {
|
|
@@ -37,6 +38,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
37
38
|
title: 'SSH Private Key Exposed',
|
|
38
39
|
description: 'SSH private key file (id_rsa, id_ed25519) is publicly accessible, allowing attackers to authenticate to any system where the corresponding public key is authorized, potentially including production servers, databases, and version control systems.',
|
|
39
40
|
severity: 'critical',
|
|
41
|
+
levelId: 1,
|
|
40
42
|
category: 'information_disclosure',
|
|
41
43
|
scanner: 'sensitive-path-scout',
|
|
42
44
|
cvss: {
|
|
@@ -58,6 +60,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
58
60
|
title: 'SSL/TLS Private Key Exposed',
|
|
59
61
|
description: 'SSL/TLS private key file is publicly accessible, enabling attackers to decrypt all HTTPS traffic, perform man-in-the-middle attacks, and impersonate the server for phishing or credential theft operations against legitimate users.',
|
|
60
62
|
severity: 'critical',
|
|
63
|
+
levelId: 1,
|
|
61
64
|
category: 'cryptographic',
|
|
62
65
|
scanner: 'sensitive-path-scout',
|
|
63
66
|
cvss: {
|
|
@@ -79,6 +82,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
79
82
|
title: 'Rails Master Key Exposed',
|
|
80
83
|
description: 'Rails master.key file is publicly accessible, allowing decryption of all Rails encrypted credentials including database passwords, API keys, and session secrets, enabling complete application compromise and access to all encrypted secrets.',
|
|
81
84
|
severity: 'critical',
|
|
85
|
+
levelId: 1,
|
|
82
86
|
category: 'information_disclosure',
|
|
83
87
|
scanner: 'sensitive-path-scout',
|
|
84
88
|
cvss: {
|
|
@@ -100,6 +104,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
100
104
|
title: 'Terraform State File Exposed',
|
|
101
105
|
description: 'Terraform state file (tfstate) is publicly accessible containing complete infrastructure configuration, resource IDs, IP addresses, and potentially sensitive outputs including database passwords and API keys stored in plain text.',
|
|
102
106
|
severity: 'critical',
|
|
107
|
+
levelId: 1,
|
|
103
108
|
category: 'information_disclosure',
|
|
104
109
|
scanner: 'sensitive-path-scout',
|
|
105
110
|
cvss: {
|
|
@@ -121,6 +126,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
121
126
|
title: 'Kubernetes Config Exposed',
|
|
122
127
|
description: 'Kubernetes kubeconfig file is publicly accessible containing cluster credentials, certificates, and tokens that allow full administrative access to Kubernetes clusters including ability to deploy, modify, and delete all workloads.',
|
|
123
128
|
severity: 'critical',
|
|
129
|
+
levelId: 1,
|
|
124
130
|
category: 'information_disclosure',
|
|
125
131
|
scanner: 'sensitive-path-scout',
|
|
126
132
|
cvss: {
|
|
@@ -142,6 +148,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
142
148
|
title: 'HashiCorp Vault Secret Exposed',
|
|
143
149
|
description: 'HashiCorp Vault secrets or root token exposed, providing access to the centralized secrets management system and all secrets stored within, potentially compromising hundreds of application credentials and encryption keys.',
|
|
144
150
|
severity: 'critical',
|
|
151
|
+
levelId: 1,
|
|
145
152
|
category: 'information_disclosure',
|
|
146
153
|
scanner: 'sensitive-path-scout',
|
|
147
154
|
cvss: {
|
|
@@ -166,6 +173,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
166
173
|
title: 'Git Repository Exposed',
|
|
167
174
|
description: 'Git repository metadata (.git/HEAD, .git/config) is publicly accessible, allowing attackers to download the complete repository including all source code, commit history, configuration files, and potentially credentials committed accidentally.',
|
|
168
175
|
severity: 'high',
|
|
176
|
+
levelId: 2,
|
|
169
177
|
category: 'information_disclosure',
|
|
170
178
|
scanner: 'sensitive-path-scout',
|
|
171
179
|
cvss: {
|
|
@@ -187,6 +195,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
187
195
|
title: 'Environment File Exposed',
|
|
188
196
|
description: 'Environment configuration file (.env, .env.local, .env.production) is publicly accessible containing application secrets, database credentials, API keys, and other sensitive configuration that should never be exposed to end users.',
|
|
189
197
|
severity: 'high',
|
|
198
|
+
levelId: 2,
|
|
190
199
|
category: 'information_disclosure',
|
|
191
200
|
scanner: 'sensitive-path-scout',
|
|
192
201
|
cvss: {
|
|
@@ -208,6 +217,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
208
217
|
title: 'WordPress Configuration File Exposed',
|
|
209
218
|
description: 'WordPress wp-config.php file is accessible and readable, exposing database credentials, authentication keys, salts, table prefix, and debug settings that allow complete compromise of the WordPress installation and underlying database.',
|
|
210
219
|
severity: 'high',
|
|
220
|
+
levelId: 2,
|
|
211
221
|
category: 'information_disclosure',
|
|
212
222
|
scanner: 'sensitive-path-scout',
|
|
213
223
|
cvss: {
|
|
@@ -229,6 +239,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
229
239
|
title: 'Spring Boot Actuator Endpoints Exposed',
|
|
230
240
|
description: 'Spring Boot Actuator management endpoints are publicly accessible without authentication, exposing application internals including environment variables, configuration properties, health status, thread dumps, and potentially enabling remote code execution through certain endpoints.',
|
|
231
241
|
severity: 'high',
|
|
242
|
+
levelId: 2,
|
|
232
243
|
category: 'information_disclosure',
|
|
233
244
|
scanner: 'sensitive-path-scout',
|
|
234
245
|
cvss: {
|
|
@@ -251,6 +262,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
251
262
|
title: 'Spring Boot Heapdump Exposed',
|
|
252
263
|
description: 'Spring Boot Actuator heapdump endpoint is accessible allowing download of JVM heap memory containing sensitive runtime data including session tokens, passwords, encryption keys, personal data, and other secrets temporarily held in application memory.',
|
|
253
264
|
severity: 'critical',
|
|
265
|
+
levelId: 1,
|
|
254
266
|
category: 'information_disclosure',
|
|
255
267
|
scanner: 'sensitive-path-scout',
|
|
256
268
|
cvss: {
|
|
@@ -272,6 +284,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
272
284
|
title: 'PHP Info Page Exposed',
|
|
273
285
|
description: 'PHP info page (phpinfo.php) is publicly accessible revealing complete server configuration including PHP version, loaded modules, environment variables, system paths, and potentially database connection strings that aid attackers in planning targeted attacks.',
|
|
274
286
|
severity: 'medium',
|
|
287
|
+
levelId: 3,
|
|
275
288
|
category: 'information_disclosure',
|
|
276
289
|
scanner: 'sensitive-path-scout',
|
|
277
290
|
cvss: {
|
|
@@ -293,6 +306,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
293
306
|
title: 'Laravel Debug Mode Enabled',
|
|
294
307
|
description: 'Laravel application is running with debug mode enabled in production, exposing detailed stack traces, database queries, environment variables, and potentially the APP_KEY which can be used to decrypt session data and forge authenticated sessions.',
|
|
295
308
|
severity: 'high',
|
|
309
|
+
levelId: 2,
|
|
296
310
|
category: 'information_disclosure',
|
|
297
311
|
scanner: 'sensitive-path-scout',
|
|
298
312
|
cvss: {
|
|
@@ -314,6 +328,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
314
328
|
title: 'GraphQL Introspection Enabled',
|
|
315
329
|
description: 'GraphQL API has introspection enabled in production, allowing attackers to query the complete schema including all types, queries, mutations, and fields, which reveals the entire API structure and aids in discovering sensitive operations and data access points.',
|
|
316
330
|
severity: 'medium',
|
|
331
|
+
levelId: 3,
|
|
317
332
|
category: 'information_disclosure',
|
|
318
333
|
scanner: 'sensitive-path-scout',
|
|
319
334
|
cvss: {
|
|
@@ -335,6 +350,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
335
350
|
title: 'Database Backup File Exposed',
|
|
336
351
|
description: 'Database backup or dump file (.sql, .dump, .bak) is publicly accessible containing complete database contents including user credentials, personal information, business data, and all other stored information enabling massive data breach.',
|
|
337
352
|
severity: 'critical',
|
|
353
|
+
levelId: 1,
|
|
338
354
|
category: 'information_disclosure',
|
|
339
355
|
scanner: 'sensitive-path-scout',
|
|
340
356
|
cvss: {
|
|
@@ -359,6 +375,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
359
375
|
title: 'Swagger/OpenAPI Documentation Exposed',
|
|
360
376
|
description: 'API documentation (swagger.json, openapi.yaml) is publicly accessible revealing complete API structure including all endpoints, parameters, authentication methods, and data models which aids attackers in understanding and exploiting the API systematically.',
|
|
361
377
|
severity: 'low',
|
|
378
|
+
levelId: 4,
|
|
362
379
|
category: 'information_disclosure',
|
|
363
380
|
scanner: 'sensitive-path-scout',
|
|
364
381
|
cvss: {
|
|
@@ -380,6 +397,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
380
397
|
title: 'Prometheus Metrics Endpoint Exposed',
|
|
381
398
|
description: 'Prometheus metrics endpoint (/metrics) is publicly accessible exposing application performance data, error rates, request patterns, resource usage, and potentially business metrics that reveal internal operations and aid in planning attacks.',
|
|
382
399
|
severity: 'medium',
|
|
400
|
+
levelId: 3,
|
|
383
401
|
category: 'information_disclosure',
|
|
384
402
|
scanner: 'sensitive-path-scout',
|
|
385
403
|
cvss: {
|
|
@@ -401,6 +419,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
401
419
|
title: 'Admin Panel Publicly Accessible',
|
|
402
420
|
description: 'Administrative interface is accessible from the public internet without IP restrictions, enabling brute force attacks against admin credentials and exposing sensitive management functionality that should be restricted to internal networks only.',
|
|
403
421
|
severity: 'medium',
|
|
422
|
+
levelId: 3,
|
|
404
423
|
category: 'access_control',
|
|
405
424
|
scanner: 'sensitive-path-scout',
|
|
406
425
|
cvss: {
|
|
@@ -422,6 +441,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
422
441
|
title: 'JavaScript Source Maps Exposed',
|
|
423
442
|
description: 'JavaScript source map files (.js.map) are publicly accessible allowing attackers to view original unminified source code including comments, variable names, internal logic, and potentially security-sensitive implementation details.',
|
|
424
443
|
severity: 'low',
|
|
444
|
+
levelId: 4,
|
|
425
445
|
category: 'information_disclosure',
|
|
426
446
|
scanner: 'sensitive-path-scout',
|
|
427
447
|
cvss: {
|
|
@@ -446,6 +466,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
446
466
|
title: 'Un Protected Config JSON',
|
|
447
467
|
description: 'The application exposes un protected config json in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
448
468
|
severity: 'medium',
|
|
469
|
+
levelId: 3,
|
|
449
470
|
category: 'information_disclosure',
|
|
450
471
|
scanner: 'sensitive-path-scout',
|
|
451
472
|
cvss: {
|
|
@@ -467,6 +488,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
467
488
|
title: 'Web Server Configuration File Detected',
|
|
468
489
|
description: 'The application exposes web server configuration file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
469
490
|
severity: 'high',
|
|
491
|
+
levelId: 2,
|
|
470
492
|
category: 'information_disclosure',
|
|
471
493
|
scanner: 'sensitive-path-scout',
|
|
472
494
|
cvss: {
|
|
@@ -488,6 +510,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
488
510
|
title: 'Appsettings JSON Exposed',
|
|
489
511
|
description: 'The application exposes appsettings json exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
490
512
|
severity: 'high',
|
|
513
|
+
levelId: 2,
|
|
491
514
|
category: 'information_disclosure',
|
|
492
515
|
scanner: 'sensitive-path-scout',
|
|
493
516
|
cvss: {
|
|
@@ -509,6 +532,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
509
532
|
title: 'Spring Config Exposed',
|
|
510
533
|
description: 'The application exposes spring config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
511
534
|
severity: 'high',
|
|
535
|
+
levelId: 2,
|
|
512
536
|
category: 'information_disclosure',
|
|
513
537
|
scanner: 'sensitive-path-scout',
|
|
514
538
|
cvss: {
|
|
@@ -530,6 +554,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
530
554
|
title: 'Npmrc Exposed',
|
|
531
555
|
description: 'The application exposes npmrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
532
556
|
severity: 'high',
|
|
557
|
+
levelId: 2,
|
|
533
558
|
category: 'information_disclosure',
|
|
534
559
|
scanner: 'sensitive-path-scout',
|
|
535
560
|
cvss: {
|
|
@@ -551,6 +576,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
551
576
|
title: 'TOML Project File Exposed',
|
|
552
577
|
description: 'The application exposes toml project file exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
553
578
|
severity: 'low',
|
|
579
|
+
levelId: 4,
|
|
554
580
|
category: 'information_disclosure',
|
|
555
581
|
scanner: 'sensitive-path-scout',
|
|
556
582
|
cvss: {
|
|
@@ -572,6 +598,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
572
598
|
title: 'Rails Database YML Exposed',
|
|
573
599
|
description: 'The application exposes rails database yml exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
574
600
|
severity: 'high',
|
|
601
|
+
levelId: 2,
|
|
575
602
|
category: 'information_disclosure',
|
|
576
603
|
scanner: 'sensitive-path-scout',
|
|
577
604
|
cvss: {
|
|
@@ -593,6 +620,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
593
620
|
title: 'Drupal Settings PHP Exposed',
|
|
594
621
|
description: 'The application exposes drupal settings php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
595
622
|
severity: 'high',
|
|
623
|
+
levelId: 2,
|
|
596
624
|
category: 'information_disclosure',
|
|
597
625
|
scanner: 'sensitive-path-scout',
|
|
598
626
|
cvss: {
|
|
@@ -614,6 +642,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
614
642
|
title: 'Magento Env PHP Exposed',
|
|
615
643
|
description: 'The application exposes magento env php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
616
644
|
severity: 'high',
|
|
645
|
+
levelId: 2,
|
|
617
646
|
category: 'information_disclosure',
|
|
618
647
|
scanner: 'sensitive-path-scout',
|
|
619
648
|
cvss: {
|
|
@@ -635,6 +664,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
635
664
|
title: 'Jolokia Exposed',
|
|
636
665
|
description: 'The application exposes jolokia exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
637
666
|
severity: 'high',
|
|
667
|
+
levelId: 2,
|
|
638
668
|
category: 'information_disclosure',
|
|
639
669
|
scanner: 'sensitive-path-scout',
|
|
640
670
|
cvss: {
|
|
@@ -656,6 +686,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
656
686
|
title: 'SVN Working Copy Database Exposed',
|
|
657
687
|
description: 'The application exposes svn working copy database exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
658
688
|
severity: 'high',
|
|
689
|
+
levelId: 2,
|
|
659
690
|
category: 'information_disclosure',
|
|
660
691
|
scanner: 'sensitive-path-scout',
|
|
661
692
|
cvss: {
|
|
@@ -677,6 +708,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
677
708
|
title: 'Subversion Repository Detected',
|
|
678
709
|
description: 'The application exposes subversion repository detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
679
710
|
severity: 'high',
|
|
711
|
+
levelId: 2,
|
|
680
712
|
category: 'information_disclosure',
|
|
681
713
|
scanner: 'sensitive-path-scout',
|
|
682
714
|
cvss: {
|
|
@@ -698,6 +730,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
698
730
|
title: 'Mercurial Repository Found',
|
|
699
731
|
description: 'The application exposes mercurial repository found in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
700
732
|
severity: 'medium',
|
|
733
|
+
levelId: 3,
|
|
701
734
|
category: 'information_disclosure',
|
|
702
735
|
scanner: 'sensitive-path-scout',
|
|
703
736
|
cvss: {
|
|
@@ -719,6 +752,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
719
752
|
title: 'Mercurial Hgrc Exposed',
|
|
720
753
|
description: 'The application exposes mercurial hgrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
721
754
|
severity: 'medium',
|
|
755
|
+
levelId: 3,
|
|
722
756
|
category: 'information_disclosure',
|
|
723
757
|
scanner: 'sensitive-path-scout',
|
|
724
758
|
cvss: {
|
|
@@ -740,6 +774,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
740
774
|
title: 'CVS Root Exposed',
|
|
741
775
|
description: 'The application exposes cvs root exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
742
776
|
severity: 'medium',
|
|
777
|
+
levelId: 3,
|
|
743
778
|
category: 'information_disclosure',
|
|
744
779
|
scanner: 'sensitive-path-scout',
|
|
745
780
|
cvss: {
|
|
@@ -761,6 +796,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
761
796
|
title: 'CVS Entries Exposed',
|
|
762
797
|
description: 'The application exposes cvs entries exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
763
798
|
severity: 'medium',
|
|
799
|
+
levelId: 3,
|
|
764
800
|
category: 'information_disclosure',
|
|
765
801
|
scanner: 'sensitive-path-scout',
|
|
766
802
|
cvss: {
|
|
@@ -782,6 +818,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
782
818
|
title: 'Bazaar Repo Exposed',
|
|
783
819
|
description: 'The application exposes bazaar repo exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
784
820
|
severity: 'medium',
|
|
821
|
+
levelId: 3,
|
|
785
822
|
category: 'information_disclosure',
|
|
786
823
|
scanner: 'sensitive-path-scout',
|
|
787
824
|
cvss: {
|
|
@@ -803,6 +840,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
803
840
|
title: 'Spring Boot Thread Dump Exposed',
|
|
804
841
|
description: 'The application exposes spring boot thread dump exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
805
842
|
severity: 'high',
|
|
843
|
+
levelId: 2,
|
|
806
844
|
category: 'information_disclosure',
|
|
807
845
|
scanner: 'sensitive-path-scout',
|
|
808
846
|
cvss: {
|
|
@@ -824,6 +862,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
824
862
|
title: 'Redis Rdb Dump Detected',
|
|
825
863
|
description: 'The application exposes redis rdb dump detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
826
864
|
severity: 'high',
|
|
865
|
+
levelId: 2,
|
|
827
866
|
category: 'information_disclosure',
|
|
828
867
|
scanner: 'sensitive-path-scout',
|
|
829
868
|
cvss: {
|
|
@@ -845,6 +884,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
845
884
|
title: 'Atlassian Bitbucket Pipelines Configuration Detected',
|
|
846
885
|
description: 'The application exposes atlassian bitbucket pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
847
886
|
severity: 'low',
|
|
887
|
+
levelId: 4,
|
|
848
888
|
category: 'information_disclosure',
|
|
849
889
|
scanner: 'sensitive-path-scout',
|
|
850
890
|
cvss: {
|
|
@@ -866,6 +906,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
866
906
|
title: 'AZURE Pipelines Configuration Detected',
|
|
867
907
|
description: 'The application exposes azure pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
868
908
|
severity: 'low',
|
|
909
|
+
levelId: 4,
|
|
869
910
|
category: 'information_disclosure',
|
|
870
911
|
scanner: 'sensitive-path-scout',
|
|
871
912
|
cvss: {
|
|
@@ -887,6 +928,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
887
928
|
title: 'AWS Code Build Buildspec Detected',
|
|
888
929
|
description: 'The application exposes aws code build buildspec detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
889
930
|
severity: 'low',
|
|
931
|
+
levelId: 4,
|
|
890
932
|
category: 'information_disclosure',
|
|
891
933
|
scanner: 'sensitive-path-scout',
|
|
892
934
|
cvss: {
|
|
@@ -908,6 +950,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
908
950
|
title: 'Github Actions Workflow Detected',
|
|
909
951
|
description: 'The application exposes github actions workflow detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
910
952
|
severity: 'low',
|
|
953
|
+
levelId: 4,
|
|
911
954
|
category: 'information_disclosure',
|
|
912
955
|
scanner: 'sensitive-path-scout',
|
|
913
956
|
cvss: {
|
|
@@ -929,6 +972,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
929
972
|
title: 'Docker Compose Configuration Detected',
|
|
930
973
|
description: 'The application exposes docker compose configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
931
974
|
severity: 'medium',
|
|
975
|
+
levelId: 3,
|
|
932
976
|
category: 'information_disclosure',
|
|
933
977
|
scanner: 'sensitive-path-scout',
|
|
934
978
|
cvss: {
|
|
@@ -950,6 +994,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
950
994
|
title: 'Trace Axd',
|
|
951
995
|
description: 'The application exposes trace axd in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
952
996
|
severity: 'high',
|
|
997
|
+
levelId: 2,
|
|
953
998
|
category: 'information_disclosure',
|
|
954
999
|
scanner: 'sensitive-path-scout',
|
|
955
1000
|
cvss: {
|
|
@@ -971,6 +1016,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
971
1016
|
title: 'Elmah Axd Exposed',
|
|
972
1017
|
description: 'The application exposes elmah axd exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
973
1018
|
severity: 'high',
|
|
1019
|
+
levelId: 2,
|
|
974
1020
|
category: 'information_disclosure',
|
|
975
1021
|
scanner: 'sensitive-path-scout',
|
|
976
1022
|
cvss: {
|
|
@@ -992,6 +1038,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
992
1038
|
title: 'Laravel Log Viewer Enabled',
|
|
993
1039
|
description: 'The application exposes laravel log viewer enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
994
1040
|
severity: 'medium',
|
|
1041
|
+
levelId: 3,
|
|
995
1042
|
category: 'information_disclosure',
|
|
996
1043
|
scanner: 'sensitive-path-scout',
|
|
997
1044
|
cvss: {
|
|
@@ -1013,6 +1060,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1013
1060
|
title: 'Apache Htaccess File Detected',
|
|
1014
1061
|
description: 'The application exposes apache htaccess file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1015
1062
|
severity: 'medium',
|
|
1063
|
+
levelId: 3,
|
|
1016
1064
|
category: 'information_disclosure',
|
|
1017
1065
|
scanner: 'sensitive-path-scout',
|
|
1018
1066
|
cvss: {
|
|
@@ -1034,6 +1082,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1034
1082
|
title: 'Apache Server Info Exposed',
|
|
1035
1083
|
description: 'The application exposes apache server info exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1036
1084
|
severity: 'medium',
|
|
1085
|
+
levelId: 3,
|
|
1037
1086
|
category: 'information_disclosure',
|
|
1038
1087
|
scanner: 'sensitive-path-scout',
|
|
1039
1088
|
cvss: {
|
|
@@ -1055,6 +1104,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1055
1104
|
title: 'Sqlite Database Detected',
|
|
1056
1105
|
description: 'The application exposes sqlite database detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1057
1106
|
severity: 'high',
|
|
1107
|
+
levelId: 2,
|
|
1058
1108
|
category: 'information_disclosure',
|
|
1059
1109
|
scanner: 'sensitive-path-scout',
|
|
1060
1110
|
cvss: {
|
|
@@ -1076,6 +1126,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1076
1126
|
title: 'Package Dependencies Detected',
|
|
1077
1127
|
description: 'The application exposes package dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1078
1128
|
severity: 'medium',
|
|
1129
|
+
levelId: 3,
|
|
1079
1130
|
category: 'information_disclosure',
|
|
1080
1131
|
scanner: 'sensitive-path-scout',
|
|
1081
1132
|
cvss: {
|
|
@@ -1097,6 +1148,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1097
1148
|
title: 'PHP Composer Dependencies Detected',
|
|
1098
1149
|
description: 'The application exposes php composer dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1099
1150
|
severity: 'medium',
|
|
1151
|
+
levelId: 3,
|
|
1100
1152
|
category: 'information_disclosure',
|
|
1101
1153
|
scanner: 'sensitive-path-scout',
|
|
1102
1154
|
cvss: {
|
|
@@ -1118,6 +1170,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1118
1170
|
title: 'Python Requirements Detected',
|
|
1119
1171
|
description: 'The application exposes python requirements detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1120
1172
|
severity: 'low',
|
|
1173
|
+
levelId: 4,
|
|
1121
1174
|
category: 'information_disclosure',
|
|
1122
1175
|
scanner: 'sensitive-path-scout',
|
|
1123
1176
|
cvss: {
|
|
@@ -1139,6 +1192,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1139
1192
|
title: 'AWS Config Exposed',
|
|
1140
1193
|
description: 'The application exposes aws config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1141
1194
|
severity: 'high',
|
|
1195
|
+
levelId: 2,
|
|
1142
1196
|
category: 'information_disclosure',
|
|
1143
1197
|
scanner: 'sensitive-path-scout',
|
|
1144
1198
|
cvss: {
|
|
@@ -1160,6 +1214,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1160
1214
|
title: 'AZURE Credentials Exposed',
|
|
1161
1215
|
description: 'The application exposes azure credentials exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1162
1216
|
severity: 'high',
|
|
1217
|
+
levelId: 2,
|
|
1163
1218
|
category: 'information_disclosure',
|
|
1164
1219
|
scanner: 'sensitive-path-scout',
|
|
1165
1220
|
cvss: {
|
|
@@ -1181,6 +1236,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1181
1236
|
title: 'Helm Values Exposed',
|
|
1182
1237
|
description: 'The application exposes helm values exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1183
1238
|
severity: 'high',
|
|
1239
|
+
levelId: 2,
|
|
1184
1240
|
category: 'information_disclosure',
|
|
1185
1241
|
scanner: 'sensitive-path-scout',
|
|
1186
1242
|
cvss: {
|
|
@@ -1202,6 +1258,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1202
1258
|
title: 'SSH Public Key Exposed',
|
|
1203
1259
|
description: 'The application exposes ssh public key exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1204
1260
|
severity: 'medium',
|
|
1261
|
+
levelId: 3,
|
|
1205
1262
|
category: 'information_disclosure',
|
|
1206
1263
|
scanner: 'sensitive-path-scout',
|
|
1207
1264
|
cvss: {
|
|
@@ -1223,6 +1280,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1223
1280
|
title: 'SSL Certificate Exposed',
|
|
1224
1281
|
description: 'The application exposes ssl certificate exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1225
1282
|
severity: 'medium',
|
|
1283
|
+
levelId: 3,
|
|
1226
1284
|
category: 'information_disclosure',
|
|
1227
1285
|
scanner: 'sensitive-path-scout',
|
|
1228
1286
|
cvss: {
|
|
@@ -1244,6 +1302,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1244
1302
|
title: 'Graph Ql Endpoint Exposed',
|
|
1245
1303
|
description: 'The application exposes graph ql endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1246
1304
|
severity: 'medium',
|
|
1305
|
+
levelId: 3,
|
|
1247
1306
|
category: 'information_disclosure',
|
|
1248
1307
|
scanner: 'sensitive-path-scout',
|
|
1249
1308
|
cvss: {
|
|
@@ -1265,6 +1324,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1265
1324
|
title: 'Graphi Ql Exposed',
|
|
1266
1325
|
description: 'The application exposes graphi ql exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1267
1326
|
severity: 'medium',
|
|
1327
|
+
levelId: 3,
|
|
1268
1328
|
category: 'information_disclosure',
|
|
1269
1329
|
scanner: 'sensitive-path-scout',
|
|
1270
1330
|
cvss: {
|
|
@@ -1286,6 +1346,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1286
1346
|
title: 'Terraform Lock Exposed',
|
|
1287
1347
|
description: 'The application exposes terraform lock exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1288
1348
|
severity: 'medium',
|
|
1349
|
+
levelId: 3,
|
|
1289
1350
|
category: 'information_disclosure',
|
|
1290
1351
|
scanner: 'sensitive-path-scout',
|
|
1291
1352
|
cvss: {
|
|
@@ -1307,6 +1368,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1307
1368
|
title: 'Terraform Vars Exposed',
|
|
1308
1369
|
description: 'The application exposes terraform vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1309
1370
|
severity: 'high',
|
|
1371
|
+
levelId: 2,
|
|
1310
1372
|
category: 'information_disclosure',
|
|
1311
1373
|
scanner: 'sensitive-path-scout',
|
|
1312
1374
|
cvss: {
|
|
@@ -1328,6 +1390,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1328
1390
|
title: 'Error Log Exposed',
|
|
1329
1391
|
description: 'The application exposes error log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1330
1392
|
severity: 'medium',
|
|
1393
|
+
levelId: 3,
|
|
1331
1394
|
category: 'information_disclosure',
|
|
1332
1395
|
scanner: 'sensitive-path-scout',
|
|
1333
1396
|
cvss: {
|
|
@@ -1349,6 +1412,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1349
1412
|
title: 'Access Log Exposed',
|
|
1350
1413
|
description: 'The application exposes access log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1351
1414
|
severity: 'medium',
|
|
1415
|
+
levelId: 3,
|
|
1352
1416
|
category: 'information_disclosure',
|
|
1353
1417
|
scanner: 'sensitive-path-scout',
|
|
1354
1418
|
cvss: {
|
|
@@ -1370,6 +1434,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1370
1434
|
title: 'Debug Log Exposed',
|
|
1371
1435
|
description: 'The application exposes debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1372
1436
|
severity: 'medium',
|
|
1437
|
+
levelId: 3,
|
|
1373
1438
|
category: 'information_disclosure',
|
|
1374
1439
|
scanner: 'sensitive-path-scout',
|
|
1375
1440
|
cvss: {
|
|
@@ -1391,6 +1456,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1391
1456
|
title: 'Application Log Exposed',
|
|
1392
1457
|
description: 'The application exposes application log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1393
1458
|
severity: 'medium',
|
|
1459
|
+
levelId: 3,
|
|
1394
1460
|
category: 'information_disclosure',
|
|
1395
1461
|
scanner: 'sensitive-path-scout',
|
|
1396
1462
|
cvss: {
|
|
@@ -1412,6 +1478,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1412
1478
|
title: 'Laravel Log Exposed',
|
|
1413
1479
|
description: 'The application exposes laravel log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1414
1480
|
severity: 'high',
|
|
1481
|
+
levelId: 2,
|
|
1415
1482
|
category: 'information_disclosure',
|
|
1416
1483
|
scanner: 'sensitive-path-scout',
|
|
1417
1484
|
cvss: {
|
|
@@ -1433,6 +1500,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1433
1500
|
title: 'Word Press Debug Log Exposed',
|
|
1434
1501
|
description: 'The application exposes word press debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1435
1502
|
severity: 'high',
|
|
1503
|
+
levelId: 2,
|
|
1436
1504
|
category: 'information_disclosure',
|
|
1437
1505
|
scanner: 'sensitive-path-scout',
|
|
1438
1506
|
cvss: {
|
|
@@ -1454,6 +1522,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1454
1522
|
title: 'Adminer Exposed',
|
|
1455
1523
|
description: 'The application exposes adminer exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1456
1524
|
severity: 'high',
|
|
1525
|
+
levelId: 2,
|
|
1457
1526
|
category: 'information_disclosure',
|
|
1458
1527
|
scanner: 'sensitive-path-scout',
|
|
1459
1528
|
cvss: {
|
|
@@ -1475,6 +1544,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1475
1544
|
title: 'WSDL Exposed',
|
|
1476
1545
|
description: 'The application exposes wsdl exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1477
1546
|
severity: 'medium',
|
|
1547
|
+
levelId: 3,
|
|
1478
1548
|
category: 'information_disclosure',
|
|
1479
1549
|
scanner: 'sensitive-path-scout',
|
|
1480
1550
|
cvss: {
|
|
@@ -1496,6 +1566,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1496
1566
|
title: 'Debug Endpoint Exposed',
|
|
1497
1567
|
description: 'The application exposes debug endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1498
1568
|
severity: 'high',
|
|
1569
|
+
levelId: 2,
|
|
1499
1570
|
category: 'information_disclosure',
|
|
1500
1571
|
scanner: 'sensitive-path-scout',
|
|
1501
1572
|
cvss: {
|
|
@@ -1517,6 +1588,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1517
1588
|
title: 'Go Debug Vars Exposed',
|
|
1518
1589
|
description: 'The application exposes go debug vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1519
1590
|
severity: 'high',
|
|
1591
|
+
levelId: 2,
|
|
1520
1592
|
category: 'information_disclosure',
|
|
1521
1593
|
scanner: 'sensitive-path-scout',
|
|
1522
1594
|
cvss: {
|
|
@@ -1538,6 +1610,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1538
1610
|
title: 'Go Pprof Exposed',
|
|
1539
1611
|
description: 'The application exposes go pprof exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1540
1612
|
severity: 'high',
|
|
1613
|
+
levelId: 2,
|
|
1541
1614
|
category: 'information_disclosure',
|
|
1542
1615
|
scanner: 'sensitive-path-scout',
|
|
1543
1616
|
cvss: {
|
|
@@ -1559,6 +1632,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1559
1632
|
title: 'Word Press XML Rpc Exposed',
|
|
1560
1633
|
description: 'The application exposes word press xml rpc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1561
1634
|
severity: 'medium',
|
|
1635
|
+
levelId: 3,
|
|
1562
1636
|
category: 'information_disclosure',
|
|
1563
1637
|
scanner: 'sensitive-path-scout',
|
|
1564
1638
|
cvss: {
|
|
@@ -1580,6 +1654,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1580
1654
|
title: 'Test Endpoint Exposed',
|
|
1581
1655
|
description: 'The application exposes test endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1582
1656
|
severity: 'low',
|
|
1657
|
+
levelId: 4,
|
|
1583
1658
|
category: 'information_disclosure',
|
|
1584
1659
|
scanner: 'sensitive-path-scout',
|
|
1585
1660
|
cvss: {
|
|
@@ -1601,6 +1676,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1601
1676
|
title: 'Staging Endpoint Exposed',
|
|
1602
1677
|
description: 'The application exposes staging endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1603
1678
|
severity: 'low',
|
|
1679
|
+
levelId: 4,
|
|
1604
1680
|
category: 'information_disclosure',
|
|
1605
1681
|
scanner: 'sensitive-path-scout',
|
|
1606
1682
|
cvss: {
|
|
@@ -1622,6 +1698,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1622
1698
|
title: 'Editor Backup File Detected',
|
|
1623
1699
|
description: 'The application exposes editor backup file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1624
1700
|
severity: 'low',
|
|
1701
|
+
levelId: 4,
|
|
1625
1702
|
category: 'information_disclosure',
|
|
1626
1703
|
scanner: 'sensitive-path-scout',
|
|
1627
1704
|
cvss: {
|
|
@@ -1643,6 +1720,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1643
1720
|
title: 'VIM Swap File Detected',
|
|
1644
1721
|
description: 'The application exposes vim swap file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1645
1722
|
severity: 'low',
|
|
1723
|
+
levelId: 4,
|
|
1646
1724
|
category: 'information_disclosure',
|
|
1647
1725
|
scanner: 'sensitive-path-scout',
|
|
1648
1726
|
cvss: {
|
|
@@ -1664,6 +1742,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1664
1742
|
title: 'Directory Listing Enabled',
|
|
1665
1743
|
description: 'The application exposes directory listing enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1666
1744
|
severity: 'low',
|
|
1745
|
+
levelId: 4,
|
|
1667
1746
|
category: 'information_disclosure',
|
|
1668
1747
|
scanner: 'sensitive-path-scout',
|
|
1669
1748
|
cvss: {
|
|
@@ -1685,6 +1764,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1685
1764
|
title: 'AZURE Storage Config Exposed',
|
|
1686
1765
|
description: 'The application exposes azure storage config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1687
1766
|
severity: 'high',
|
|
1767
|
+
levelId: 2,
|
|
1688
1768
|
category: 'information_disclosure',
|
|
1689
1769
|
scanner: 'sensitive-path-scout',
|
|
1690
1770
|
cvss: {
|
|
@@ -1706,6 +1786,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1706
1786
|
title: 'Mongo Rc Exposed',
|
|
1707
1787
|
description: 'The application exposes mongo rc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1708
1788
|
severity: 'high',
|
|
1789
|
+
levelId: 2,
|
|
1709
1790
|
category: 'information_disclosure',
|
|
1710
1791
|
scanner: 'sensitive-path-scout',
|
|
1711
1792
|
cvss: {
|
|
@@ -1727,6 +1808,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1727
1808
|
title: 'Awssam Template Exposed',
|
|
1728
1809
|
description: 'The application exposes awssam template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1729
1810
|
severity: 'low',
|
|
1811
|
+
levelId: 4,
|
|
1730
1812
|
category: 'information_disclosure',
|
|
1731
1813
|
scanner: 'sensitive-path-scout',
|
|
1732
1814
|
cvss: {
|
|
@@ -1748,6 +1830,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1748
1830
|
title: 'Serverless Config Exposed',
|
|
1749
1831
|
description: 'The application exposes serverless config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1750
1832
|
severity: 'low',
|
|
1833
|
+
levelId: 4,
|
|
1751
1834
|
category: 'information_disclosure',
|
|
1752
1835
|
scanner: 'sensitive-path-scout',
|
|
1753
1836
|
cvss: {
|
|
@@ -1769,6 +1852,7 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1769
1852
|
title: 'Cloud Formation Template Exposed',
|
|
1770
1853
|
description: 'The application exposes cloud formation template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1771
1854
|
severity: 'low',
|
|
1855
|
+
levelId: 4,
|
|
1772
1856
|
category: 'information_disclosure',
|
|
1773
1857
|
scanner: 'sensitive-path-scout',
|
|
1774
1858
|
cvss: {
|