@zerothreatai/vulnerability-registry 3.0.0 → 5.0.0
- package/dist/categories/authentication.js +34 -17
- package/dist/categories/configuration.js +561 -60
- package/dist/categories/injection.js +68 -34
- package/dist/categories/sensitive-paths.js +168 -84
- package/dist/categories/ssrf.js +22 -11
- package/dist/categories/xss.js +30 -15
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +34 -17
- package/dist-cjs/categories/configuration.js +561 -60
- package/dist-cjs/categories/injection.js +68 -34
- package/dist-cjs/categories/sensitive-paths.js +168 -84
- package/dist-cjs/categories/ssrf.js +22 -11
- package/dist-cjs/categories/xss.js +30 -15
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +35 -32
- package/scripts/assign-ids.ts +105 -0
- package/scripts/check-duplicate-ids.ts +45 -0
- package/src/categories/authentication.ts +145 -128
- package/src/categories/configuration.ts +1632 -1111
- package/src/categories/injection.ts +158 -124
- package/src/categories/sensitive-paths.ts +168 -84
- package/src/categories/ssrf.ts +22 -11
- package/src/categories/xss.ts +30 -15
- package/src/category.ts +16 -0
- package/src/error-codes.ts +25 -5
- package/src/id-registry.json +1235 -0
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
- package/src/categories/authentication.d.ts +0 -8
- package/src/categories/authentication.d.ts.map +0 -1
- package/src/categories/authentication.js +0 -378
- package/src/categories/authentication.js.map +0 -1
- package/src/categories/configuration.d.ts +0 -8
- package/src/categories/configuration.d.ts.map +0 -1
- package/src/categories/configuration.js +0 -906
- package/src/categories/configuration.js.map +0 -1
- package/src/categories/injection.d.ts +0 -8
- package/src/categories/injection.d.ts.map +0 -1
- package/src/categories/injection.js +0 -750
- package/src/categories/injection.js.map +0 -1
- package/src/categories/sensitive-paths.d.ts +0 -9
- package/src/categories/sensitive-paths.d.ts.map +0 -1
- package/src/categories/sensitive-paths.js +0 -1791
- package/src/categories/sensitive-paths.js.map +0 -1
- package/src/categories/ssrf.d.ts +0 -8
- package/src/categories/ssrf.d.ts.map +0 -1
- package/src/categories/ssrf.js +0 -250
- package/src/categories/ssrf.js.map +0 -1
- package/src/categories/xss.d.ts +0 -7
- package/src/categories/xss.d.ts.map +0 -1
- package/src/categories/xss.js +0 -328
- package/src/categories/xss.js.map +0 -1
- package/src/error-codes.d.ts +0 -242
- package/src/error-codes.d.ts.map +0 -1
- package/src/error-codes.js +0 -315
- package/src/error-codes.js.map +0 -1
- package/src/index.d.ts +0 -60
- package/src/index.d.ts.map +0 -1
- package/src/index.js +0 -107
- package/src/index.js.map +0 -1
- package/src/types.d.ts +0 -86
- package/src/types.d.ts.map +0 -1
- package/src/types.js +0 -7
- package/src/types.js.map +0 -1
|
@@ -13,11 +13,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
13
13
|
// CRITICAL - CREDENTIAL EXPOSURE
|
|
14
14
|
// ========================================
|
|
15
15
|
[VulnerabilityCode.SENS_CRIT_AWS_CREDENTIALS]: {
|
|
16
|
-
id:
|
|
16
|
+
id: 500,
|
|
17
17
|
code: VulnerabilityCode.SENS_CRIT_AWS_CREDENTIALS,
|
|
18
18
|
title: 'AWS Credentials Exposed',
|
|
19
19
|
description: 'AWS credentials file (.aws/credentials) is publicly accessible containing AWS Access Key ID and Secret Access Key, enabling complete access to AWS services including S3 buckets, EC2 instances, RDS databases, and all cloud resources associated with the compromised account.',
|
|
20
20
|
severity: 'critical',
|
|
21
|
+
levelId: 1,
|
|
21
22
|
category: 'information_disclosure',
|
|
22
23
|
scanner: 'sensitive-path-scout',
|
|
23
24
|
cvss: {
|
|
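Review bot: The added `levelId: 1` directly under `severity: 'critical'` records the same rating twice, and nothing visible in the hunk ties the two values together. In every hunk shown for this file the pairing is fixed (critical→1, high→2, medium→3, low→4), so the number could be filled in from one severity-to-level map when the registry is assembled instead of being typed into each entry. If the literal has to stay, a build-time check along the lines of `if (def.levelId !== SEVERITY_LEVEL[def.severity]) throw new Error(def.code)` (names constructed for illustration) would stop a hand edit from silently down-ranking a credential-exposure finding for consumers that sort on the number. The same applies to each later hunk in this file; the entry body continues past the hunk at `cvss: {`.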
@@ -36,11 +37,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
36
37
|
},
|
|
37
38
|
|
|
38
39
|
[VulnerabilityCode.SENS_CRIT_SSH_PRIVATE_KEY]: {
|
|
39
|
-
id:
|
|
40
|
+
id: 501,
|
|
40
41
|
code: VulnerabilityCode.SENS_CRIT_SSH_PRIVATE_KEY,
|
|
41
42
|
title: 'SSH Private Key Exposed',
|
|
42
43
|
description: 'SSH private key file (id_rsa, id_ed25519) is publicly accessible, allowing attackers to authenticate to any system where the corresponding public key is authorized, potentially including production servers, databases, and version control systems.',
|
|
43
44
|
severity: 'critical',
|
|
45
|
+
levelId: 1,
|
|
44
46
|
category: 'information_disclosure',
|
|
45
47
|
scanner: 'sensitive-path-scout',
|
|
46
48
|
cvss: {
|
|
@@ -58,11 +60,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
58
60
|
},
|
|
59
61
|
|
|
60
62
|
[VulnerabilityCode.SENS_CRIT_SSL_PRIVATE_KEY]: {
|
|
61
|
-
id:
|
|
63
|
+
id: 502,
|
|
62
64
|
code: VulnerabilityCode.SENS_CRIT_SSL_PRIVATE_KEY,
|
|
63
65
|
title: 'SSL/TLS Private Key Exposed',
|
|
64
66
|
description: 'SSL/TLS private key file is publicly accessible, enabling attackers to decrypt all HTTPS traffic, perform man-in-the-middle attacks, and impersonate the server for phishing or credential theft operations against legitimate users.',
|
|
65
67
|
severity: 'critical',
|
|
68
|
+
levelId: 1,
|
|
66
69
|
category: 'cryptographic',
|
|
67
70
|
scanner: 'sensitive-path-scout',
|
|
68
71
|
cvss: {
|
|
@@ -80,11 +83,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
80
83
|
},
|
|
81
84
|
|
|
82
85
|
[VulnerabilityCode.SENS_CRIT_RAILS_MASTER_KEY]: {
|
|
83
|
-
id:
|
|
86
|
+
id: 503,
|
|
84
87
|
code: VulnerabilityCode.SENS_CRIT_RAILS_MASTER_KEY,
|
|
85
88
|
title: 'Rails Master Key Exposed',
|
|
86
89
|
description: 'Rails master.key file is publicly accessible, allowing decryption of all Rails encrypted credentials including database passwords, API keys, and session secrets, enabling complete application compromise and access to all encrypted secrets.',
|
|
87
90
|
severity: 'critical',
|
|
91
|
+
levelId: 1,
|
|
88
92
|
category: 'information_disclosure',
|
|
89
93
|
scanner: 'sensitive-path-scout',
|
|
90
94
|
cvss: {
|
|
@@ -102,11 +106,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
102
106
|
},
|
|
103
107
|
|
|
104
108
|
[VulnerabilityCode.SENS_CRIT_TERRAFORM_STATE]: {
|
|
105
|
-
id:
|
|
109
|
+
id: 504,
|
|
106
110
|
code: VulnerabilityCode.SENS_CRIT_TERRAFORM_STATE,
|
|
107
111
|
title: 'Terraform State File Exposed',
|
|
108
112
|
description: 'Terraform state file (tfstate) is publicly accessible containing complete infrastructure configuration, resource IDs, IP addresses, and potentially sensitive outputs including database passwords and API keys stored in plain text.',
|
|
109
113
|
severity: 'critical',
|
|
114
|
+
levelId: 1,
|
|
110
115
|
category: 'information_disclosure',
|
|
111
116
|
scanner: 'sensitive-path-scout',
|
|
112
117
|
cvss: {
|
|
@@ -124,11 +129,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
124
129
|
},
|
|
125
130
|
|
|
126
131
|
[VulnerabilityCode.SENS_CRIT_KUBE_CONFIG]: {
|
|
127
|
-
id:
|
|
132
|
+
id: 505,
|
|
128
133
|
code: VulnerabilityCode.SENS_CRIT_KUBE_CONFIG,
|
|
129
134
|
title: 'Kubernetes Config Exposed',
|
|
130
135
|
description: 'Kubernetes kubeconfig file is publicly accessible containing cluster credentials, certificates, and tokens that allow full administrative access to Kubernetes clusters including ability to deploy, modify, and delete all workloads.',
|
|
131
136
|
severity: 'critical',
|
|
137
|
+
levelId: 1,
|
|
132
138
|
category: 'information_disclosure',
|
|
133
139
|
scanner: 'sensitive-path-scout',
|
|
134
140
|
cvss: {
|
|
@@ -146,11 +152,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
146
152
|
},
|
|
147
153
|
|
|
148
154
|
[VulnerabilityCode.SENS_CRIT_VAULT_SECRET]: {
|
|
149
|
-
id:
|
|
155
|
+
id: 506,
|
|
150
156
|
code: VulnerabilityCode.SENS_CRIT_VAULT_SECRET,
|
|
151
157
|
title: 'HashiCorp Vault Secret Exposed',
|
|
152
158
|
description: 'HashiCorp Vault secrets or root token exposed, providing access to the centralized secrets management system and all secrets stored within, potentially compromising hundreds of application credentials and encryption keys.',
|
|
153
159
|
severity: 'critical',
|
|
160
|
+
levelId: 1,
|
|
154
161
|
category: 'information_disclosure',
|
|
155
162
|
scanner: 'sensitive-path-scout',
|
|
156
163
|
cvss: {
|
|
@@ -171,11 +178,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
171
178
|
// HIGH - SOURCE CODE & CONFIG EXPOSURE
|
|
172
179
|
// ========================================
|
|
173
180
|
[VulnerabilityCode.SENS_HIGH_GIT_EXPOSED]: {
|
|
174
|
-
id:
|
|
181
|
+
id: 507,
|
|
175
182
|
code: VulnerabilityCode.SENS_HIGH_GIT_EXPOSED,
|
|
176
183
|
title: 'Git Repository Exposed',
|
|
177
184
|
description: 'Git repository metadata (.git/HEAD, .git/config) is publicly accessible, allowing attackers to download the complete repository including all source code, commit history, configuration files, and potentially credentials committed accidentally.',
|
|
178
185
|
severity: 'high',
|
|
186
|
+
levelId: 2,
|
|
179
187
|
category: 'information_disclosure',
|
|
180
188
|
scanner: 'sensitive-path-scout',
|
|
181
189
|
cvss: {
|
|
@@ -193,11 +201,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
193
201
|
},
|
|
194
202
|
|
|
195
203
|
[VulnerabilityCode.SENS_HIGH_ENV_FILE]: {
|
|
196
|
-
id:
|
|
204
|
+
id: 508,
|
|
197
205
|
code: VulnerabilityCode.SENS_HIGH_ENV_FILE,
|
|
198
206
|
title: 'Environment File Exposed',
|
|
199
207
|
description: 'Environment configuration file (.env, .env.local, .env.production) is publicly accessible containing application secrets, database credentials, API keys, and other sensitive configuration that should never be exposed to end users.',
|
|
200
208
|
severity: 'high',
|
|
209
|
+
levelId: 2,
|
|
201
210
|
category: 'information_disclosure',
|
|
202
211
|
scanner: 'sensitive-path-scout',
|
|
203
212
|
cvss: {
|
|
@@ -215,11 +224,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
215
224
|
},
|
|
216
225
|
|
|
217
226
|
[VulnerabilityCode.SENS_HIGH_WORDPRESS_CONFIG]: {
|
|
218
|
-
id:
|
|
227
|
+
id: 509,
|
|
219
228
|
code: VulnerabilityCode.SENS_HIGH_WORDPRESS_CONFIG,
|
|
220
229
|
title: 'WordPress Configuration File Exposed',
|
|
221
230
|
description: 'WordPress wp-config.php file is accessible and readable, exposing database credentials, authentication keys, salts, table prefix, and debug settings that allow complete compromise of the WordPress installation and underlying database.',
|
|
222
231
|
severity: 'high',
|
|
232
|
+
levelId: 2,
|
|
223
233
|
category: 'information_disclosure',
|
|
224
234
|
scanner: 'sensitive-path-scout',
|
|
225
235
|
cvss: {
|
|
@@ -237,11 +247,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
237
247
|
},
|
|
238
248
|
|
|
239
249
|
[VulnerabilityCode.SENS_HIGH_SPRING_ACTUATOR]: {
|
|
240
|
-
id:
|
|
250
|
+
id: 510,
|
|
241
251
|
code: VulnerabilityCode.SENS_HIGH_SPRING_ACTUATOR,
|
|
242
252
|
title: 'Spring Boot Actuator Endpoints Exposed',
|
|
243
253
|
description: 'Spring Boot Actuator management endpoints are publicly accessible without authentication, exposing application internals including environment variables, configuration properties, health status, thread dumps, and potentially enabling remote code execution through certain endpoints.',
|
|
244
254
|
severity: 'high',
|
|
255
|
+
levelId: 2,
|
|
245
256
|
category: 'information_disclosure',
|
|
246
257
|
scanner: 'sensitive-path-scout',
|
|
247
258
|
cvss: {
|
|
@@ -260,11 +271,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
260
271
|
},
|
|
261
272
|
|
|
262
273
|
[VulnerabilityCode.SENS_HIGH_SPRING_HEAPDUMP]: {
|
|
263
|
-
id:
|
|
274
|
+
id: 511,
|
|
264
275
|
code: VulnerabilityCode.SENS_HIGH_SPRING_HEAPDUMP,
|
|
265
276
|
title: 'Spring Boot Heapdump Exposed',
|
|
266
277
|
description: 'Spring Boot Actuator heapdump endpoint is accessible allowing download of JVM heap memory containing sensitive runtime data including session tokens, passwords, encryption keys, personal data, and other secrets temporarily held in application memory.',
|
|
267
278
|
severity: 'critical',
|
|
279
|
+
levelId: 1,
|
|
268
280
|
category: 'information_disclosure',
|
|
269
281
|
scanner: 'sensitive-path-scout',
|
|
270
282
|
cvss: {
|
|
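Review bot: `SENS_HIGH_SPRING_HEAPDUMP` gets `levelId: 1` next to `severity: 'critical'`, so the tier spelled in the code name now disagrees with both rating fields. The same split appears in later hunks: `SENS_HIGH_PHPINFO` and `SENS_HIGH_GRAPHQL_INTROSPECTION` are medium/3, `SENS_HIGH_DATABASE_BACKUP` is critical/1, and `SENS_MED_SWAGGER_DOCS` and `SENS_MED_SOURCE_MAP` are low/4. Renaming the codes would break consumers, so a comment above each such entry is the lighter fix: `// Tier in the code name is not the rating; use severity / levelId.` Without it, anyone who filters or alerts on the `SENS_CRIT_` prefix will miss the heapdump and database-backup entries that are rated critical. The entry body continues outside the hunk.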
@@ -282,11 +294,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
282
294
|
},
|
|
283
295
|
|
|
284
296
|
[VulnerabilityCode.SENS_HIGH_PHPINFO]: {
|
|
285
|
-
id:
|
|
297
|
+
id: 512,
|
|
286
298
|
code: VulnerabilityCode.SENS_HIGH_PHPINFO,
|
|
287
299
|
title: 'PHP Info Page Exposed',
|
|
288
300
|
description: 'PHP info page (phpinfo.php) is publicly accessible revealing complete server configuration including PHP version, loaded modules, environment variables, system paths, and potentially database connection strings that aid attackers in planning targeted attacks.',
|
|
289
301
|
severity: 'medium',
|
|
302
|
+
levelId: 3,
|
|
290
303
|
category: 'information_disclosure',
|
|
291
304
|
scanner: 'sensitive-path-scout',
|
|
292
305
|
cvss: {
|
|
@@ -304,11 +317,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
304
317
|
},
|
|
305
318
|
|
|
306
319
|
[VulnerabilityCode.SENS_HIGH_LARAVEL_DEBUG]: {
|
|
307
|
-
id:
|
|
320
|
+
id: 513,
|
|
308
321
|
code: VulnerabilityCode.SENS_HIGH_LARAVEL_DEBUG,
|
|
309
322
|
title: 'Laravel Debug Mode Enabled',
|
|
310
323
|
description: 'Laravel application is running with debug mode enabled in production, exposing detailed stack traces, database queries, environment variables, and potentially the APP_KEY which can be used to decrypt session data and forge authenticated sessions.',
|
|
311
324
|
severity: 'high',
|
|
325
|
+
levelId: 2,
|
|
312
326
|
category: 'information_disclosure',
|
|
313
327
|
scanner: 'sensitive-path-scout',
|
|
314
328
|
cvss: {
|
|
@@ -326,11 +340,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
326
340
|
},
|
|
327
341
|
|
|
328
342
|
[VulnerabilityCode.SENS_HIGH_GRAPHQL_INTROSPECTION]: {
|
|
329
|
-
id:
|
|
343
|
+
id: 514,
|
|
330
344
|
code: VulnerabilityCode.SENS_HIGH_GRAPHQL_INTROSPECTION,
|
|
331
345
|
title: 'GraphQL Introspection Enabled',
|
|
332
346
|
description: 'GraphQL API has introspection enabled in production, allowing attackers to query the complete schema including all types, queries, mutations, and fields, which reveals the entire API structure and aids in discovering sensitive operations and data access points.',
|
|
333
347
|
severity: 'medium',
|
|
348
|
+
levelId: 3,
|
|
334
349
|
category: 'information_disclosure',
|
|
335
350
|
scanner: 'sensitive-path-scout',
|
|
336
351
|
cvss: {
|
|
@@ -348,11 +363,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
348
363
|
},
|
|
349
364
|
|
|
350
365
|
[VulnerabilityCode.SENS_HIGH_DATABASE_BACKUP]: {
|
|
351
|
-
id:
|
|
366
|
+
id: 515,
|
|
352
367
|
code: VulnerabilityCode.SENS_HIGH_DATABASE_BACKUP,
|
|
353
368
|
title: 'Database Backup File Exposed',
|
|
354
369
|
description: 'Database backup or dump file (.sql, .dump, .bak) is publicly accessible containing complete database contents including user credentials, personal information, business data, and all other stored information enabling massive data breach.',
|
|
355
370
|
severity: 'critical',
|
|
371
|
+
levelId: 1,
|
|
356
372
|
category: 'information_disclosure',
|
|
357
373
|
scanner: 'sensitive-path-scout',
|
|
358
374
|
cvss: {
|
|
@@ -373,11 +389,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
373
389
|
// MEDIUM - API & SERVICE EXPOSURE
|
|
374
390
|
// ========================================
|
|
375
391
|
[VulnerabilityCode.SENS_MED_SWAGGER_DOCS]: {
|
|
376
|
-
id:
|
|
392
|
+
id: 516,
|
|
377
393
|
code: VulnerabilityCode.SENS_MED_SWAGGER_DOCS,
|
|
378
394
|
title: 'Swagger/OpenAPI Documentation Exposed',
|
|
379
395
|
description: 'API documentation (swagger.json, openapi.yaml) is publicly accessible revealing complete API structure including all endpoints, parameters, authentication methods, and data models which aids attackers in understanding and exploiting the API systematically.',
|
|
380
396
|
severity: 'low',
|
|
397
|
+
levelId: 4,
|
|
381
398
|
category: 'information_disclosure',
|
|
382
399
|
scanner: 'sensitive-path-scout',
|
|
383
400
|
cvss: {
|
|
@@ -395,11 +412,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
395
412
|
},
|
|
396
413
|
|
|
397
414
|
[VulnerabilityCode.SENS_MED_PROMETHEUS_METRICS]: {
|
|
398
|
-
id:
|
|
415
|
+
id: 517,
|
|
399
416
|
code: VulnerabilityCode.SENS_MED_PROMETHEUS_METRICS,
|
|
400
417
|
title: 'Prometheus Metrics Endpoint Exposed',
|
|
401
418
|
description: 'Prometheus metrics endpoint (/metrics) is publicly accessible exposing application performance data, error rates, request patterns, resource usage, and potentially business metrics that reveal internal operations and aid in planning attacks.',
|
|
402
419
|
severity: 'medium',
|
|
420
|
+
levelId: 3,
|
|
403
421
|
category: 'information_disclosure',
|
|
404
422
|
scanner: 'sensitive-path-scout',
|
|
405
423
|
cvss: {
|
|
@@ -417,11 +435,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
417
435
|
},
|
|
418
436
|
|
|
419
437
|
[VulnerabilityCode.SENS_MED_ADMIN_PANEL]: {
|
|
420
|
-
id:
|
|
438
|
+
id: 518,
|
|
421
439
|
code: VulnerabilityCode.SENS_MED_ADMIN_PANEL,
|
|
422
440
|
title: 'Admin Panel Publicly Accessible',
|
|
423
441
|
description: 'Administrative interface is accessible from the public internet without IP restrictions, enabling brute force attacks against admin credentials and exposing sensitive management functionality that should be restricted to internal networks only.',
|
|
424
442
|
severity: 'medium',
|
|
443
|
+
levelId: 3,
|
|
425
444
|
category: 'access_control',
|
|
426
445
|
scanner: 'sensitive-path-scout',
|
|
427
446
|
cvss: {
|
|
@@ -439,11 +458,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
439
458
|
},
|
|
440
459
|
|
|
441
460
|
[VulnerabilityCode.SENS_MED_SOURCE_MAP]: {
|
|
442
|
-
id:
|
|
461
|
+
id: 519,
|
|
443
462
|
code: VulnerabilityCode.SENS_MED_SOURCE_MAP,
|
|
444
463
|
title: 'JavaScript Source Maps Exposed',
|
|
445
464
|
description: 'JavaScript source map files (.js.map) are publicly accessible allowing attackers to view original unminified source code including comments, variable names, internal logic, and potentially security-sensitive implementation details.',
|
|
446
465
|
severity: 'low',
|
|
466
|
+
levelId: 4,
|
|
447
467
|
category: 'information_disclosure',
|
|
448
468
|
scanner: 'sensitive-path-scout',
|
|
449
469
|
cvss: {
|
|
@@ -463,11 +483,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
463
483
|
// EXTENDED SENSITIVE PATH EXPOSURES
|
|
464
484
|
// ========================================
|
|
465
485
|
[VulnerabilityCode.SENS_MED_UN_PROTECTED_CONFIG_JSON]: {
|
|
466
|
-
id:
|
|
486
|
+
id: 520,
|
|
467
487
|
code: VulnerabilityCode.SENS_MED_UN_PROTECTED_CONFIG_JSON,
|
|
468
488
|
title: 'Un Protected Config JSON',
|
|
469
489
|
description: 'The application exposes un protected config json in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
470
490
|
severity: 'medium',
|
|
491
|
+
levelId: 3,
|
|
471
492
|
category: 'information_disclosure',
|
|
472
493
|
scanner: 'sensitive-path-scout',
|
|
473
494
|
cvss: {
|
|
@@ -485,11 +506,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
485
506
|
},
|
|
486
507
|
|
|
487
508
|
[VulnerabilityCode.SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED]: {
|
|
488
|
-
id:
|
|
509
|
+
id: 521,
|
|
489
510
|
code: VulnerabilityCode.SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED,
|
|
490
511
|
title: 'Web Server Configuration File Detected',
|
|
491
512
|
description: 'The application exposes web server configuration file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
492
513
|
severity: 'high',
|
|
514
|
+
levelId: 2,
|
|
493
515
|
category: 'information_disclosure',
|
|
494
516
|
scanner: 'sensitive-path-scout',
|
|
495
517
|
cvss: {
|
|
@@ -507,11 +529,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
507
529
|
},
|
|
508
530
|
|
|
509
531
|
[VulnerabilityCode.SENS_HIGH_APPSETTINGS_JSON_EXPOSED]: {
|
|
510
|
-
id:
|
|
532
|
+
id: 522,
|
|
511
533
|
code: VulnerabilityCode.SENS_HIGH_APPSETTINGS_JSON_EXPOSED,
|
|
512
534
|
title: 'Appsettings JSON Exposed',
|
|
513
535
|
description: 'The application exposes appsettings json exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
514
536
|
severity: 'high',
|
|
537
|
+
levelId: 2,
|
|
515
538
|
category: 'information_disclosure',
|
|
516
539
|
scanner: 'sensitive-path-scout',
|
|
517
540
|
cvss: {
|
|
@@ -529,11 +552,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
529
552
|
},
|
|
530
553
|
|
|
531
554
|
[VulnerabilityCode.SENS_HIGH_SPRING_CONFIG_EXPOSED]: {
|
|
532
|
-
id:
|
|
555
|
+
id: 523,
|
|
533
556
|
code: VulnerabilityCode.SENS_HIGH_SPRING_CONFIG_EXPOSED,
|
|
534
557
|
title: 'Spring Config Exposed',
|
|
535
558
|
description: 'The application exposes spring config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
536
559
|
severity: 'high',
|
|
560
|
+
levelId: 2,
|
|
537
561
|
category: 'information_disclosure',
|
|
538
562
|
scanner: 'sensitive-path-scout',
|
|
539
563
|
cvss: {
|
|
@@ -551,11 +575,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
551
575
|
},
|
|
552
576
|
|
|
553
577
|
[VulnerabilityCode.SENS_HIGH_NPMRC_EXPOSED]: {
|
|
554
|
-
id:
|
|
578
|
+
id: 524,
|
|
555
579
|
code: VulnerabilityCode.SENS_HIGH_NPMRC_EXPOSED,
|
|
556
580
|
title: 'Npmrc Exposed',
|
|
557
581
|
description: 'The application exposes npmrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
558
582
|
severity: 'high',
|
|
583
|
+
levelId: 2,
|
|
559
584
|
category: 'information_disclosure',
|
|
560
585
|
scanner: 'sensitive-path-scout',
|
|
561
586
|
cvss: {
|
|
@@ -573,11 +598,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
573
598
|
},
|
|
574
599
|
|
|
575
600
|
[VulnerabilityCode.SENS_LOW_TOML_PROJECT_FILE_EXPOSED]: {
|
|
576
|
-
id:
|
|
601
|
+
id: 525,
|
|
577
602
|
code: VulnerabilityCode.SENS_LOW_TOML_PROJECT_FILE_EXPOSED,
|
|
578
603
|
title: 'TOML Project File Exposed',
|
|
579
604
|
description: 'The application exposes toml project file exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
580
605
|
severity: 'low',
|
|
606
|
+
levelId: 4,
|
|
581
607
|
category: 'information_disclosure',
|
|
582
608
|
scanner: 'sensitive-path-scout',
|
|
583
609
|
cvss: {
|
|
@@ -595,11 +621,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
595
621
|
},
|
|
596
622
|
|
|
597
623
|
[VulnerabilityCode.SENS_HIGH_RAILS_DATABASE_YML_EXPOSED]: {
|
|
598
|
-
id:
|
|
624
|
+
id: 526,
|
|
599
625
|
code: VulnerabilityCode.SENS_HIGH_RAILS_DATABASE_YML_EXPOSED,
|
|
600
626
|
title: 'Rails Database YML Exposed',
|
|
601
627
|
description: 'The application exposes rails database yml exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
602
628
|
severity: 'high',
|
|
629
|
+
levelId: 2,
|
|
603
630
|
category: 'information_disclosure',
|
|
604
631
|
scanner: 'sensitive-path-scout',
|
|
605
632
|
cvss: {
|
|
@@ -617,11 +644,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
617
644
|
},
|
|
618
645
|
|
|
619
646
|
[VulnerabilityCode.SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED]: {
|
|
620
|
-
id:
|
|
647
|
+
id: 527,
|
|
621
648
|
code: VulnerabilityCode.SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED,
|
|
622
649
|
title: 'Drupal Settings PHP Exposed',
|
|
623
650
|
description: 'The application exposes drupal settings php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
624
651
|
severity: 'high',
|
|
652
|
+
levelId: 2,
|
|
625
653
|
category: 'information_disclosure',
|
|
626
654
|
scanner: 'sensitive-path-scout',
|
|
627
655
|
cvss: {
|
|
@@ -639,11 +667,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
639
667
|
},
|
|
640
668
|
|
|
641
669
|
[VulnerabilityCode.SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED]: {
|
|
642
|
-
id:
|
|
670
|
+
id: 528,
|
|
643
671
|
code: VulnerabilityCode.SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED,
|
|
644
672
|
title: 'Magento Env PHP Exposed',
|
|
645
673
|
description: 'The application exposes magento env php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
646
674
|
severity: 'high',
|
|
675
|
+
levelId: 2,
|
|
647
676
|
category: 'information_disclosure',
|
|
648
677
|
scanner: 'sensitive-path-scout',
|
|
649
678
|
cvss: {
|
|
@@ -661,11 +690,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
661
690
|
},
|
|
662
691
|
|
|
663
692
|
[VulnerabilityCode.SENS_HIGH_JOLOKIA_EXPOSED]: {
|
|
664
|
-
id:
|
|
693
|
+
id: 529,
|
|
665
694
|
code: VulnerabilityCode.SENS_HIGH_JOLOKIA_EXPOSED,
|
|
666
695
|
title: 'Jolokia Exposed',
|
|
667
696
|
description: 'The application exposes jolokia exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
668
697
|
severity: 'high',
|
|
698
|
+
levelId: 2,
|
|
669
699
|
category: 'information_disclosure',
|
|
670
700
|
scanner: 'sensitive-path-scout',
|
|
671
701
|
cvss: {
|
|
@@ -683,11 +713,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
683
713
|
},
|
|
684
714
|
|
|
685
715
|
[VulnerabilityCode.SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED]: {
|
|
686
|
-
id:
|
|
716
|
+
id: 530,
|
|
687
717
|
code: VulnerabilityCode.SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED,
|
|
688
718
|
title: 'SVN Working Copy Database Exposed',
|
|
689
719
|
description: 'The application exposes svn working copy database exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
690
720
|
severity: 'high',
|
|
721
|
+
levelId: 2,
|
|
691
722
|
category: 'information_disclosure',
|
|
692
723
|
scanner: 'sensitive-path-scout',
|
|
693
724
|
cvss: {
|
|
@@ -705,11 +736,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
705
736
|
},
|
|
706
737
|
|
|
707
738
|
[VulnerabilityCode.SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED]: {
|
|
708
|
-
id:
|
|
739
|
+
id: 531,
|
|
709
740
|
code: VulnerabilityCode.SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED,
|
|
710
741
|
title: 'Subversion Repository Detected',
|
|
711
742
|
description: 'The application exposes subversion repository detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
712
743
|
severity: 'high',
|
|
744
|
+
levelId: 2,
|
|
713
745
|
category: 'information_disclosure',
|
|
714
746
|
scanner: 'sensitive-path-scout',
|
|
715
747
|
cvss: {
|
|
@@ -727,11 +759,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
727
759
|
},
|
|
728
760
|
|
|
729
761
|
[VulnerabilityCode.SENS_MED_MERCURIAL_REPOSITORY_FOUND]: {
|
|
730
|
-
id:
|
|
762
|
+
id: 532,
|
|
731
763
|
code: VulnerabilityCode.SENS_MED_MERCURIAL_REPOSITORY_FOUND,
|
|
732
764
|
title: 'Mercurial Repository Found',
|
|
733
765
|
description: 'The application exposes mercurial repository found in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
734
766
|
severity: 'medium',
|
|
767
|
+
levelId: 3,
|
|
735
768
|
category: 'information_disclosure',
|
|
736
769
|
scanner: 'sensitive-path-scout',
|
|
737
770
|
cvss: {
|
|
@@ -749,11 +782,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
749
782
|
},
|
|
750
783
|
|
|
751
784
|
[VulnerabilityCode.SENS_MED_MERCURIAL_HGRC_EXPOSED]: {
|
|
752
|
-
id:
|
|
785
|
+
id: 533,
|
|
753
786
|
code: VulnerabilityCode.SENS_MED_MERCURIAL_HGRC_EXPOSED,
|
|
754
787
|
title: 'Mercurial Hgrc Exposed',
|
|
755
788
|
description: 'The application exposes mercurial hgrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
756
789
|
severity: 'medium',
|
|
790
|
+
levelId: 3,
|
|
757
791
|
category: 'information_disclosure',
|
|
758
792
|
scanner: 'sensitive-path-scout',
|
|
759
793
|
cvss: {
|
|
@@ -771,11 +805,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
771
805
|
},
|
|
772
806
|
|
|
773
807
|
[VulnerabilityCode.SENS_MED_CVS_ROOT_EXPOSED]: {
|
|
774
|
-
id:
|
|
808
|
+
id: 534,
|
|
775
809
|
code: VulnerabilityCode.SENS_MED_CVS_ROOT_EXPOSED,
|
|
776
810
|
title: 'CVS Root Exposed',
|
|
777
811
|
description: 'The application exposes cvs root exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
778
812
|
severity: 'medium',
|
|
813
|
+
levelId: 3,
|
|
779
814
|
category: 'information_disclosure',
|
|
780
815
|
scanner: 'sensitive-path-scout',
|
|
781
816
|
cvss: {
|
|
@@ -793,11 +828,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
793
828
|
},
|
|
794
829
|
|
|
795
830
|
[VulnerabilityCode.SENS_MED_CVS_ENTRIES_EXPOSED]: {
|
|
796
|
-
id:
|
|
831
|
+
id: 535,
|
|
797
832
|
code: VulnerabilityCode.SENS_MED_CVS_ENTRIES_EXPOSED,
|
|
798
833
|
title: 'CVS Entries Exposed',
|
|
799
834
|
description: 'The application exposes cvs entries exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
800
835
|
severity: 'medium',
|
|
836
|
+
levelId: 3,
|
|
801
837
|
category: 'information_disclosure',
|
|
802
838
|
scanner: 'sensitive-path-scout',
|
|
803
839
|
cvss: {
|
|
@@ -815,11 +851,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
815
851
|
},
|
|
816
852
|
|
|
817
853
|
[VulnerabilityCode.SENS_MED_BAZAAR_REPO_EXPOSED]: {
|
|
818
|
-
id:
|
|
854
|
+
id: 536,
|
|
819
855
|
code: VulnerabilityCode.SENS_MED_BAZAAR_REPO_EXPOSED,
|
|
820
856
|
title: 'Bazaar Repo Exposed',
|
|
821
857
|
description: 'The application exposes bazaar repo exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
822
858
|
severity: 'medium',
|
|
859
|
+
levelId: 3,
|
|
823
860
|
category: 'information_disclosure',
|
|
824
861
|
scanner: 'sensitive-path-scout',
|
|
825
862
|
cvss: {
|
|
@@ -837,11 +874,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
837
874
|
},
|
|
838
875
|
|
|
839
876
|
[VulnerabilityCode.SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED]: {
|
|
840
|
-
id:
|
|
877
|
+
id: 537,
|
|
841
878
|
code: VulnerabilityCode.SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED,
|
|
842
879
|
title: 'Spring Boot Thread Dump Exposed',
|
|
843
880
|
description: 'The application exposes spring boot thread dump exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
844
881
|
severity: 'high',
|
|
882
|
+
levelId: 2,
|
|
845
883
|
category: 'information_disclosure',
|
|
846
884
|
scanner: 'sensitive-path-scout',
|
|
847
885
|
cvss: {
|
|
@@ -859,11 +897,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
859
897
|
},
|
|
860
898
|
|
|
861
899
|
[VulnerabilityCode.SENS_HIGH_REDIS_RDB_DUMP_DETECTED]: {
|
|
862
|
-
id:
|
|
900
|
+
id: 538,
|
|
863
901
|
code: VulnerabilityCode.SENS_HIGH_REDIS_RDB_DUMP_DETECTED,
|
|
864
902
|
title: 'Redis Rdb Dump Detected',
|
|
865
903
|
description: 'The application exposes redis rdb dump detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
866
904
|
severity: 'high',
|
|
905
|
+
levelId: 2,
|
|
867
906
|
category: 'information_disclosure',
|
|
868
907
|
scanner: 'sensitive-path-scout',
|
|
869
908
|
cvss: {
|
|
@@ -881,11 +920,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
881
920
|
},
|
|
882
921
|
|
|
883
922
|
[VulnerabilityCode.SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED]: {
|
|
884
|
-
id:
|
|
923
|
+
id: 539,
|
|
885
924
|
code: VulnerabilityCode.SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED,
|
|
886
925
|
title: 'Atlassian Bitbucket Pipelines Configuration Detected',
|
|
887
926
|
description: 'The application exposes atlassian bitbucket pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
888
927
|
severity: 'low',
|
|
928
|
+
levelId: 4,
|
|
889
929
|
category: 'information_disclosure',
|
|
890
930
|
scanner: 'sensitive-path-scout',
|
|
891
931
|
cvss: {
|
|
@@ -903,11 +943,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
903
943
|
},
|
|
904
944
|
|
|
905
945
|
[VulnerabilityCode.SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED]: {
|
|
906
|
-
id:
|
|
946
|
+
id: 540,
|
|
907
947
|
code: VulnerabilityCode.SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED,
|
|
908
948
|
title: 'AZURE Pipelines Configuration Detected',
|
|
909
949
|
description: 'The application exposes azure pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
910
950
|
severity: 'low',
|
|
951
|
+
levelId: 4,
|
|
911
952
|
category: 'information_disclosure',
|
|
912
953
|
scanner: 'sensitive-path-scout',
|
|
913
954
|
cvss: {
|
|
@@ -925,11 +966,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
925
966
|
},
|
|
926
967
|
|
|
927
968
|
[VulnerabilityCode.SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED]: {
|
|
928
|
-
id:
|
|
969
|
+
id: 541,
|
|
929
970
|
code: VulnerabilityCode.SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED,
|
|
930
971
|
title: 'AWS Code Build Buildspec Detected',
|
|
931
972
|
description: 'The application exposes aws code build buildspec detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
932
973
|
severity: 'low',
|
|
974
|
+
levelId: 4,
|
|
933
975
|
category: 'information_disclosure',
|
|
934
976
|
scanner: 'sensitive-path-scout',
|
|
935
977
|
cvss: {
|
|
@@ -947,11 +989,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
947
989
|
},
|
|
948
990
|
|
|
949
991
|
[VulnerabilityCode.SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED]: {
|
|
950
|
-
id:
|
|
992
|
+
id: 542,
|
|
951
993
|
code: VulnerabilityCode.SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED,
|
|
952
994
|
title: 'Github Actions Workflow Detected',
|
|
953
995
|
description: 'The application exposes github actions workflow detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
954
996
|
severity: 'low',
|
|
997
|
+
levelId: 4,
|
|
955
998
|
category: 'information_disclosure',
|
|
956
999
|
scanner: 'sensitive-path-scout',
|
|
957
1000
|
cvss: {
|
|
@@ -969,11 +1012,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
969
1012
|
},
|
|
970
1013
|
|
|
971
1014
|
[VulnerabilityCode.SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED]: {
|
|
972
|
-
id:
|
|
1015
|
+
id: 543,
|
|
973
1016
|
code: VulnerabilityCode.SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED,
|
|
974
1017
|
title: 'Docker Compose Configuration Detected',
|
|
975
1018
|
description: 'The application exposes docker compose configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
976
1019
|
severity: 'medium',
|
|
1020
|
+
levelId: 3,
|
|
977
1021
|
category: 'information_disclosure',
|
|
978
1022
|
scanner: 'sensitive-path-scout',
|
|
979
1023
|
cvss: {
|
|
@@ -991,11 +1035,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
991
1035
|
},
|
|
992
1036
|
|
|
993
1037
|
[VulnerabilityCode.SENS_HIGH_TRACE_AXD]: {
|
|
994
|
-
id:
|
|
1038
|
+
id: 544,
|
|
995
1039
|
code: VulnerabilityCode.SENS_HIGH_TRACE_AXD,
|
|
996
1040
|
title: 'Trace Axd',
|
|
997
1041
|
description: 'The application exposes trace axd in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
998
1042
|
severity: 'high',
|
|
1043
|
+
levelId: 2,
|
|
999
1044
|
category: 'information_disclosure',
|
|
1000
1045
|
scanner: 'sensitive-path-scout',
|
|
1001
1046
|
cvss: {
|
|
@@ -1013,11 +1058,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1013
1058
|
},
|
|
1014
1059
|
|
|
1015
1060
|
[VulnerabilityCode.SENS_HIGH_ELMAH_AXD_EXPOSED]: {
|
|
1016
|
-
id:
|
|
1061
|
+
id: 545,
|
|
1017
1062
|
code: VulnerabilityCode.SENS_HIGH_ELMAH_AXD_EXPOSED,
|
|
1018
1063
|
title: 'Elmah Axd Exposed',
|
|
1019
1064
|
description: 'The application exposes elmah axd exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1020
1065
|
severity: 'high',
|
|
1066
|
+
levelId: 2,
|
|
1021
1067
|
category: 'information_disclosure',
|
|
1022
1068
|
scanner: 'sensitive-path-scout',
|
|
1023
1069
|
cvss: {
|
|
@@ -1035,11 +1081,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1035
1081
|
},
|
|
1036
1082
|
|
|
1037
1083
|
[VulnerabilityCode.SENS_MED_LARAVEL_LOG_VIEWER_ENABLED]: {
|
|
1038
|
-
id:
|
|
1084
|
+
id: 546,
|
|
1039
1085
|
code: VulnerabilityCode.SENS_MED_LARAVEL_LOG_VIEWER_ENABLED,
|
|
1040
1086
|
title: 'Laravel Log Viewer Enabled',
|
|
1041
1087
|
description: 'The application exposes laravel log viewer enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1042
1088
|
severity: 'medium',
|
|
1089
|
+
levelId: 3,
|
|
1043
1090
|
category: 'information_disclosure',
|
|
1044
1091
|
scanner: 'sensitive-path-scout',
|
|
1045
1092
|
cvss: {
|
|
@@ -1057,11 +1104,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1057
1104
|
},
|
|
1058
1105
|
|
|
1059
1106
|
[VulnerabilityCode.SENS_MED_APACHE_HTACCESS_FILE_DETECTED]: {
|
|
1060
|
-
id:
|
|
1107
|
+
id: 547,
|
|
1061
1108
|
code: VulnerabilityCode.SENS_MED_APACHE_HTACCESS_FILE_DETECTED,
|
|
1062
1109
|
title: 'Apache Htaccess File Detected',
|
|
1063
1110
|
description: 'The application exposes apache htaccess file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1064
1111
|
severity: 'medium',
|
|
1112
|
+
levelId: 3,
|
|
1065
1113
|
category: 'information_disclosure',
|
|
1066
1114
|
scanner: 'sensitive-path-scout',
|
|
1067
1115
|
cvss: {
|
|
@@ -1079,11 +1127,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1079
1127
|
},
|
|
1080
1128
|
|
|
1081
1129
|
[VulnerabilityCode.SENS_MED_APACHE_SERVER_INFO_EXPOSED]: {
|
|
1082
|
-
id:
|
|
1130
|
+
id: 548,
|
|
1083
1131
|
code: VulnerabilityCode.SENS_MED_APACHE_SERVER_INFO_EXPOSED,
|
|
1084
1132
|
title: 'Apache Server Info Exposed',
|
|
1085
1133
|
description: 'The application exposes apache server info exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1086
1134
|
severity: 'medium',
|
|
1135
|
+
levelId: 3,
|
|
1087
1136
|
category: 'information_disclosure',
|
|
1088
1137
|
scanner: 'sensitive-path-scout',
|
|
1089
1138
|
cvss: {
|
|
@@ -1101,11 +1150,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1101
1150
|
},
|
|
1102
1151
|
|
|
1103
1152
|
[VulnerabilityCode.SENS_HIGH_SQLITE_DATABASE_DETECTED]: {
|
|
1104
|
-
id:
|
|
1153
|
+
id: 549,
|
|
1105
1154
|
code: VulnerabilityCode.SENS_HIGH_SQLITE_DATABASE_DETECTED,
|
|
1106
1155
|
title: 'Sqlite Database Detected',
|
|
1107
1156
|
description: 'The application exposes sqlite database detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1108
1157
|
severity: 'high',
|
|
1158
|
+
levelId: 2,
|
|
1109
1159
|
category: 'information_disclosure',
|
|
1110
1160
|
scanner: 'sensitive-path-scout',
|
|
1111
1161
|
cvss: {
|
|
@@ -1123,11 +1173,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1123
1173
|
},
|
|
1124
1174
|
|
|
1125
1175
|
[VulnerabilityCode.SENS_MED_PACKAGE_DEPENDENCIES_DETECTED]: {
|
|
1126
|
-
id:
|
|
1176
|
+
id: 550,
|
|
1127
1177
|
code: VulnerabilityCode.SENS_MED_PACKAGE_DEPENDENCIES_DETECTED,
|
|
1128
1178
|
title: 'Package Dependencies Detected',
|
|
1129
1179
|
description: 'The application exposes package dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1130
1180
|
severity: 'medium',
|
|
1181
|
+
levelId: 3,
|
|
1131
1182
|
category: 'information_disclosure',
|
|
1132
1183
|
scanner: 'sensitive-path-scout',
|
|
1133
1184
|
cvss: {
|
|
@@ -1145,11 +1196,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1145
1196
|
},
|
|
1146
1197
|
|
|
1147
1198
|
[VulnerabilityCode.SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED]: {
|
|
1148
|
-
id:
|
|
1199
|
+
id: 551,
|
|
1149
1200
|
code: VulnerabilityCode.SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED,
|
|
1150
1201
|
title: 'PHP Composer Dependencies Detected',
|
|
1151
1202
|
description: 'The application exposes php composer dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1152
1203
|
severity: 'medium',
|
|
1204
|
+
levelId: 3,
|
|
1153
1205
|
category: 'information_disclosure',
|
|
1154
1206
|
scanner: 'sensitive-path-scout',
|
|
1155
1207
|
cvss: {
|
|
@@ -1167,11 +1219,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1167
1219
|
},
|
|
1168
1220
|
|
|
1169
1221
|
[VulnerabilityCode.SENS_LOW_PYTHON_REQUIREMENTS_DETECTED]: {
|
|
1170
|
-
id:
|
|
1222
|
+
id: 552,
|
|
1171
1223
|
code: VulnerabilityCode.SENS_LOW_PYTHON_REQUIREMENTS_DETECTED,
|
|
1172
1224
|
title: 'Python Requirements Detected',
|
|
1173
1225
|
description: 'The application exposes python requirements detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1174
1226
|
severity: 'low',
|
|
1227
|
+
levelId: 4,
|
|
1175
1228
|
category: 'information_disclosure',
|
|
1176
1229
|
scanner: 'sensitive-path-scout',
|
|
1177
1230
|
cvss: {
|
|
@@ -1189,11 +1242,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1189
1242
|
},
|
|
1190
1243
|
|
|
1191
1244
|
[VulnerabilityCode.SENS_HIGH_AWS_CONFIG_EXPOSED]: {
|
|
1192
|
-
id:
|
|
1245
|
+
id: 553,
|
|
1193
1246
|
code: VulnerabilityCode.SENS_HIGH_AWS_CONFIG_EXPOSED,
|
|
1194
1247
|
title: 'AWS Config Exposed',
|
|
1195
1248
|
description: 'The application exposes aws config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1196
1249
|
severity: 'high',
|
|
1250
|
+
levelId: 2,
|
|
1197
1251
|
category: 'information_disclosure',
|
|
1198
1252
|
scanner: 'sensitive-path-scout',
|
|
1199
1253
|
cvss: {
|
|
@@ -1211,11 +1265,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1211
1265
|
},
|
|
1212
1266
|
|
|
1213
1267
|
[VulnerabilityCode.SENS_HIGH_AZURE_CREDENTIALS_EXPOSED]: {
|
|
1214
|
-
id:
|
|
1268
|
+
id: 554,
|
|
1215
1269
|
code: VulnerabilityCode.SENS_HIGH_AZURE_CREDENTIALS_EXPOSED,
|
|
1216
1270
|
title: 'AZURE Credentials Exposed',
|
|
1217
1271
|
description: 'The application exposes azure credentials exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1218
1272
|
severity: 'high',
|
|
1273
|
+
levelId: 2,
|
|
1219
1274
|
category: 'information_disclosure',
|
|
1220
1275
|
scanner: 'sensitive-path-scout',
|
|
1221
1276
|
cvss: {
|
|
@@ -1233,11 +1288,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1233
1288
|
},
|
|
1234
1289
|
|
|
1235
1290
|
[VulnerabilityCode.SENS_HIGH_HELM_VALUES_EXPOSED]: {
|
|
1236
|
-
id:
|
|
1291
|
+
id: 555,
|
|
1237
1292
|
code: VulnerabilityCode.SENS_HIGH_HELM_VALUES_EXPOSED,
|
|
1238
1293
|
title: 'Helm Values Exposed',
|
|
1239
1294
|
description: 'The application exposes helm values exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1240
1295
|
severity: 'high',
|
|
1296
|
+
levelId: 2,
|
|
1241
1297
|
category: 'information_disclosure',
|
|
1242
1298
|
scanner: 'sensitive-path-scout',
|
|
1243
1299
|
cvss: {
|
|
@@ -1255,11 +1311,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1255
1311
|
},
|
|
1256
1312
|
|
|
1257
1313
|
[VulnerabilityCode.SENS_MED_SSH_PUBLIC_KEY_EXPOSED]: {
|
|
1258
|
-
id:
|
|
1314
|
+
id: 556,
|
|
1259
1315
|
code: VulnerabilityCode.SENS_MED_SSH_PUBLIC_KEY_EXPOSED,
|
|
1260
1316
|
title: 'SSH Public Key Exposed',
|
|
1261
1317
|
description: 'The application exposes ssh public key exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1262
1318
|
severity: 'medium',
|
|
1319
|
+
levelId: 3,
|
|
1263
1320
|
category: 'information_disclosure',
|
|
1264
1321
|
scanner: 'sensitive-path-scout',
|
|
1265
1322
|
cvss: {
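Review bot: The `description` kept as context in this hunk reads "exposes ssh public key exposed in a web-accessible location" and says the file "can reveal ... credentials", which is a templating artifact and overstates the finding, since a public key is not a secret. The same sentence recurs with only the title swapped in the neighbouring entries ("ssl certificate exposed", "github actions workflow detected", and others), so the text looks generated from the title rather than written per finding. This string is presumably what a scan report shows to whoever triages the result, so I would write it per entry, along the lines of `description: 'An SSH public key file is served from a web-accessible location; the key is not secret, but its comment field and reuse across hosts can disclose user and host names.',`. The entry's object literal continues past the end of the hunk.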
|
|
@@ -1277,11 +1334,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1277
1334
|
},
|
|
1278
1335
|
|
|
1279
1336
|
[VulnerabilityCode.SENS_MED_SSL_CERTIFICATE_EXPOSED]: {
|
|
1280
|
-
id:
|
|
1337
|
+
id: 557,
|
|
1281
1338
|
code: VulnerabilityCode.SENS_MED_SSL_CERTIFICATE_EXPOSED,
|
|
1282
1339
|
title: 'SSL Certificate Exposed',
|
|
1283
1340
|
description: 'The application exposes ssl certificate exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1284
1341
|
severity: 'medium',
|
|
1342
|
+
levelId: 3,
|
|
1285
1343
|
category: 'information_disclosure',
|
|
1286
1344
|
scanner: 'sensitive-path-scout',
|
|
1287
1345
|
cvss: {
|
|
@@ -1299,11 +1357,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1299
1357
|
},
|
|
1300
1358
|
|
|
1301
1359
|
[VulnerabilityCode.SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED]: {
|
|
1302
|
-
id:
|
|
1360
|
+
id: 558,
|
|
1303
1361
|
code: VulnerabilityCode.SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED,
|
|
1304
1362
|
title: 'Graph Ql Endpoint Exposed',
|
|
1305
1363
|
description: 'The application exposes graph ql endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1306
1364
|
severity: 'medium',
|
|
1365
|
+
levelId: 3,
|
|
1307
1366
|
category: 'information_disclosure',
|
|
1308
1367
|
scanner: 'sensitive-path-scout',
|
|
1309
1368
|
cvss: {
|
|
@@ -1321,11 +1380,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1321
1380
|
},
|
|
1322
1381
|
|
|
1323
1382
|
[VulnerabilityCode.SENS_MED_GRAPHI_QL_EXPOSED]: {
|
|
1324
|
-
id:
|
|
1383
|
+
id: 559,
|
|
1325
1384
|
code: VulnerabilityCode.SENS_MED_GRAPHI_QL_EXPOSED,
|
|
1326
1385
|
title: 'Graphi Ql Exposed',
|
|
1327
1386
|
description: 'The application exposes graphi ql exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1328
1387
|
severity: 'medium',
|
|
1388
|
+
levelId: 3,
|
|
1329
1389
|
category: 'information_disclosure',
|
|
1330
1390
|
scanner: 'sensitive-path-scout',
|
|
1331
1391
|
cvss: {
|
|
@@ -1343,11 +1403,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1343
1403
|
},
|
|
1344
1404
|
|
|
1345
1405
|
[VulnerabilityCode.SENS_MED_TERRAFORM_LOCK_EXPOSED]: {
|
|
1346
|
-
id:
|
|
1406
|
+
id: 560,
|
|
1347
1407
|
code: VulnerabilityCode.SENS_MED_TERRAFORM_LOCK_EXPOSED,
|
|
1348
1408
|
title: 'Terraform Lock Exposed',
|
|
1349
1409
|
description: 'The application exposes terraform lock exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1350
1410
|
severity: 'medium',
|
|
1411
|
+
levelId: 3,
|
|
1351
1412
|
category: 'information_disclosure',
|
|
1352
1413
|
scanner: 'sensitive-path-scout',
|
|
1353
1414
|
cvss: {
|
|
@@ -1365,11 +1426,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1365
1426
|
},
|
|
1366
1427
|
|
|
1367
1428
|
[VulnerabilityCode.SENS_HIGH_TERRAFORM_VARS_EXPOSED]: {
|
|
1368
|
-
id:
|
|
1429
|
+
id: 561,
|
|
1369
1430
|
code: VulnerabilityCode.SENS_HIGH_TERRAFORM_VARS_EXPOSED,
|
|
1370
1431
|
title: 'Terraform Vars Exposed',
|
|
1371
1432
|
description: 'The application exposes terraform vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1372
1433
|
severity: 'high',
|
|
1434
|
+
levelId: 2,
|
|
1373
1435
|
category: 'information_disclosure',
|
|
1374
1436
|
scanner: 'sensitive-path-scout',
|
|
1375
1437
|
cvss: {
|
|
@@ -1387,11 +1449,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1387
1449
|
},
|
|
1388
1450
|
|
|
1389
1451
|
[VulnerabilityCode.SENS_MED_ERROR_LOG_EXPOSED]: {
|
|
1390
|
-
id:
|
|
1452
|
+
id: 562,
|
|
1391
1453
|
code: VulnerabilityCode.SENS_MED_ERROR_LOG_EXPOSED,
|
|
1392
1454
|
title: 'Error Log Exposed',
|
|
1393
1455
|
description: 'The application exposes error log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1394
1456
|
severity: 'medium',
|
|
1457
|
+
levelId: 3,
|
|
1395
1458
|
category: 'information_disclosure',
|
|
1396
1459
|
scanner: 'sensitive-path-scout',
|
|
1397
1460
|
cvss: {
|
|
@@ -1409,11 +1472,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1409
1472
|
},
|
|
1410
1473
|
|
|
1411
1474
|
[VulnerabilityCode.SENS_MED_ACCESS_LOG_EXPOSED]: {
|
|
1412
|
-
id:
|
|
1475
|
+
id: 563,
|
|
1413
1476
|
code: VulnerabilityCode.SENS_MED_ACCESS_LOG_EXPOSED,
|
|
1414
1477
|
title: 'Access Log Exposed',
|
|
1415
1478
|
description: 'The application exposes access log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1416
1479
|
severity: 'medium',
|
|
1480
|
+
levelId: 3,
|
|
1417
1481
|
category: 'information_disclosure',
|
|
1418
1482
|
scanner: 'sensitive-path-scout',
|
|
1419
1483
|
cvss: {
|
|
@@ -1431,11 +1495,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1431
1495
|
},
|
|
1432
1496
|
|
|
1433
1497
|
[VulnerabilityCode.SENS_MED_DEBUG_LOG_EXPOSED]: {
|
|
1434
|
-
id:
|
|
1498
|
+
id: 564,
|
|
1435
1499
|
code: VulnerabilityCode.SENS_MED_DEBUG_LOG_EXPOSED,
|
|
1436
1500
|
title: 'Debug Log Exposed',
|
|
1437
1501
|
description: 'The application exposes debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1438
1502
|
severity: 'medium',
|
|
1503
|
+
levelId: 3,
|
|
1439
1504
|
category: 'information_disclosure',
|
|
1440
1505
|
scanner: 'sensitive-path-scout',
|
|
1441
1506
|
cvss: {
|
|
@@ -1453,11 +1518,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1453
1518
|
},
|
|
1454
1519
|
|
|
1455
1520
|
[VulnerabilityCode.SENS_MED_APPLICATION_LOG_EXPOSED]: {
|
|
1456
|
-
id:
|
|
1521
|
+
id: 565,
|
|
1457
1522
|
code: VulnerabilityCode.SENS_MED_APPLICATION_LOG_EXPOSED,
|
|
1458
1523
|
title: 'Application Log Exposed',
|
|
1459
1524
|
description: 'The application exposes application log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1460
1525
|
severity: 'medium',
|
|
1526
|
+
levelId: 3,
|
|
1461
1527
|
category: 'information_disclosure',
|
|
1462
1528
|
scanner: 'sensitive-path-scout',
|
|
1463
1529
|
cvss: {
|
|
@@ -1475,11 +1541,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1475
1541
|
},
|
|
1476
1542
|
|
|
1477
1543
|
[VulnerabilityCode.SENS_HIGH_LARAVEL_LOG_EXPOSED]: {
|
|
1478
|
-
id:
|
|
1544
|
+
id: 566,
|
|
1479
1545
|
code: VulnerabilityCode.SENS_HIGH_LARAVEL_LOG_EXPOSED,
|
|
1480
1546
|
title: 'Laravel Log Exposed',
|
|
1481
1547
|
description: 'The application exposes laravel log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1482
1548
|
severity: 'high',
|
|
1549
|
+
levelId: 2,
|
|
1483
1550
|
category: 'information_disclosure',
|
|
1484
1551
|
scanner: 'sensitive-path-scout',
|
|
1485
1552
|
cvss: {
|
|
@@ -1497,11 +1564,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1497
1564
|
},
|
|
1498
1565
|
|
|
1499
1566
|
[VulnerabilityCode.SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED]: {
|
|
1500
|
-
id:
|
|
1567
|
+
id: 567,
|
|
1501
1568
|
code: VulnerabilityCode.SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED,
|
|
1502
1569
|
title: 'Word Press Debug Log Exposed',
|
|
1503
1570
|
description: 'The application exposes word press debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1504
1571
|
severity: 'high',
|
|
1572
|
+
levelId: 2,
|
|
1505
1573
|
category: 'information_disclosure',
|
|
1506
1574
|
scanner: 'sensitive-path-scout',
|
|
1507
1575
|
cvss: {
|
|
@@ -1519,11 +1587,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1519
1587
|
},
|
|
1520
1588
|
|
|
1521
1589
|
[VulnerabilityCode.SENS_HIGH_ADMINER_EXPOSED]: {
|
|
1522
|
-
id:
|
|
1590
|
+
id: 568,
|
|
1523
1591
|
code: VulnerabilityCode.SENS_HIGH_ADMINER_EXPOSED,
|
|
1524
1592
|
title: 'Adminer Exposed',
|
|
1525
1593
|
description: 'The application exposes adminer exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1526
1594
|
severity: 'high',
|
|
1595
|
+
levelId: 2,
|
|
1527
1596
|
category: 'information_disclosure',
|
|
1528
1597
|
scanner: 'sensitive-path-scout',
|
|
1529
1598
|
cvss: {
|
|
@@ -1541,11 +1610,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1541
1610
|
},
|
|
1542
1611
|
|
|
1543
1612
|
[VulnerabilityCode.SENS_MED_WSDL_EXPOSED]: {
|
|
1544
|
-
id:
|
|
1613
|
+
id: 569,
|
|
1545
1614
|
code: VulnerabilityCode.SENS_MED_WSDL_EXPOSED,
|
|
1546
1615
|
title: 'WSDL Exposed',
|
|
1547
1616
|
description: 'The application exposes wsdl exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1548
1617
|
severity: 'medium',
|
|
1618
|
+
levelId: 3,
|
|
1549
1619
|
category: 'information_disclosure',
|
|
1550
1620
|
scanner: 'sensitive-path-scout',
|
|
1551
1621
|
cvss: {
|
|
@@ -1563,11 +1633,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1563
1633
|
},
|
|
1564
1634
|
|
|
1565
1635
|
[VulnerabilityCode.SENS_HIGH_DEBUG_ENDPOINT_EXPOSED]: {
|
|
1566
|
-
id:
|
|
1636
|
+
id: 570,
|
|
1567
1637
|
code: VulnerabilityCode.SENS_HIGH_DEBUG_ENDPOINT_EXPOSED,
|
|
1568
1638
|
title: 'Debug Endpoint Exposed',
|
|
1569
1639
|
description: 'The application exposes debug endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1570
1640
|
severity: 'high',
|
|
1641
|
+
levelId: 2,
|
|
1571
1642
|
category: 'information_disclosure',
|
|
1572
1643
|
scanner: 'sensitive-path-scout',
|
|
1573
1644
|
cvss: {
|
|
@@ -1585,11 +1656,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1585
1656
|
},
|
|
1586
1657
|
|
|
1587
1658
|
[VulnerabilityCode.SENS_HIGH_GO_DEBUG_VARS_EXPOSED]: {
|
|
1588
|
-
id:
|
|
1659
|
+
id: 571,
|
|
1589
1660
|
code: VulnerabilityCode.SENS_HIGH_GO_DEBUG_VARS_EXPOSED,
|
|
1590
1661
|
title: 'Go Debug Vars Exposed',
|
|
1591
1662
|
description: 'The application exposes go debug vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1592
1663
|
severity: 'high',
|
|
1664
|
+
levelId: 2,
|
|
1593
1665
|
category: 'information_disclosure',
|
|
1594
1666
|
scanner: 'sensitive-path-scout',
|
|
1595
1667
|
cvss: {
|
|
@@ -1607,11 +1679,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1607
1679
|
},
|
|
1608
1680
|
|
|
1609
1681
|
[VulnerabilityCode.SENS_HIGH_GO_PPROF_EXPOSED]: {
|
|
1610
|
-
id:
|
|
1682
|
+
id: 572,
|
|
1611
1683
|
code: VulnerabilityCode.SENS_HIGH_GO_PPROF_EXPOSED,
|
|
1612
1684
|
title: 'Go Pprof Exposed',
|
|
1613
1685
|
description: 'The application exposes go pprof exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1614
1686
|
severity: 'high',
|
|
1687
|
+
levelId: 2,
|
|
1615
1688
|
category: 'information_disclosure',
|
|
1616
1689
|
scanner: 'sensitive-path-scout',
|
|
1617
1690
|
cvss: {
|
|
@@ -1629,11 +1702,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1629
1702
|
},
|
|
1630
1703
|
|
|
1631
1704
|
[VulnerabilityCode.SENS_MED_WORD_PRESS_XML_RPC_EXPOSED]: {
|
|
1632
|
-
id:
|
|
1705
|
+
id: 573,
|
|
1633
1706
|
code: VulnerabilityCode.SENS_MED_WORD_PRESS_XML_RPC_EXPOSED,
|
|
1634
1707
|
title: 'Word Press XML Rpc Exposed',
|
|
1635
1708
|
description: 'The application exposes word press xml rpc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1636
1709
|
severity: 'medium',
|
|
1710
|
+
levelId: 3,
|
|
1637
1711
|
category: 'information_disclosure',
|
|
1638
1712
|
scanner: 'sensitive-path-scout',
|
|
1639
1713
|
cvss: {
|
|
@@ -1651,11 +1725,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1651
1725
|
},
|
|
1652
1726
|
|
|
1653
1727
|
[VulnerabilityCode.SENS_LOW_TEST_ENDPOINT_EXPOSED]: {
|
|
1654
|
-
id:
|
|
1728
|
+
id: 574,
|
|
1655
1729
|
code: VulnerabilityCode.SENS_LOW_TEST_ENDPOINT_EXPOSED,
|
|
1656
1730
|
title: 'Test Endpoint Exposed',
|
|
1657
1731
|
description: 'The application exposes test endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1658
1732
|
severity: 'low',
|
|
1733
|
+
levelId: 4,
|
|
1659
1734
|
category: 'information_disclosure',
|
|
1660
1735
|
scanner: 'sensitive-path-scout',
|
|
1661
1736
|
cvss: {
|
|
@@ -1673,11 +1748,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1673
1748
|
},
|
|
1674
1749
|
|
|
1675
1750
|
[VulnerabilityCode.SENS_LOW_STAGING_ENDPOINT_EXPOSED]: {
|
|
1676
|
-
id:
|
|
1751
|
+
id: 575,
|
|
1677
1752
|
code: VulnerabilityCode.SENS_LOW_STAGING_ENDPOINT_EXPOSED,
|
|
1678
1753
|
title: 'Staging Endpoint Exposed',
|
|
1679
1754
|
description: 'The application exposes staging endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1680
1755
|
severity: 'low',
|
|
1756
|
+
levelId: 4,
|
|
1681
1757
|
category: 'information_disclosure',
|
|
1682
1758
|
scanner: 'sensitive-path-scout',
|
|
1683
1759
|
cvss: {
|
|
@@ -1695,11 +1771,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1695
1771
|
},
|
|
1696
1772
|
|
|
1697
1773
|
[VulnerabilityCode.SENS_LOW_EDITOR_BACKUP_FILE_DETECTED]: {
|
|
1698
|
-
id:
|
|
1774
|
+
id: 576,
|
|
1699
1775
|
code: VulnerabilityCode.SENS_LOW_EDITOR_BACKUP_FILE_DETECTED,
|
|
1700
1776
|
title: 'Editor Backup File Detected',
|
|
1701
1777
|
description: 'The application exposes editor backup file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1702
1778
|
severity: 'low',
|
|
1779
|
+
levelId: 4,
|
|
1703
1780
|
category: 'information_disclosure',
|
|
1704
1781
|
scanner: 'sensitive-path-scout',
|
|
1705
1782
|
cvss: {
|
|
@@ -1717,11 +1794,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1717
1794
|
},
|
|
1718
1795
|
|
|
1719
1796
|
[VulnerabilityCode.SENS_LOW_VIM_SWAP_FILE_DETECTED]: {
|
|
1720
|
-
id:
|
|
1797
|
+
id: 577,
|
|
1721
1798
|
code: VulnerabilityCode.SENS_LOW_VIM_SWAP_FILE_DETECTED,
|
|
1722
1799
|
title: 'VIM Swap File Detected',
|
|
1723
1800
|
description: 'The application exposes vim swap file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1724
1801
|
severity: 'low',
|
|
1802
|
+
levelId: 4,
|
|
1725
1803
|
category: 'information_disclosure',
|
|
1726
1804
|
scanner: 'sensitive-path-scout',
|
|
1727
1805
|
cvss: {
|
|
@@ -1739,11 +1817,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1739
1817
|
},
|
|
1740
1818
|
|
|
1741
1819
|
[VulnerabilityCode.SENS_LOW_DIRECTORY_LISTING_ENABLED]: {
|
|
1742
|
-
id:
|
|
1820
|
+
id: 578,
|
|
1743
1821
|
code: VulnerabilityCode.SENS_LOW_DIRECTORY_LISTING_ENABLED,
|
|
1744
1822
|
title: 'Directory Listing Enabled',
|
|
1745
1823
|
description: 'The application exposes directory listing enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1746
1824
|
severity: 'low',
|
|
1825
|
+
levelId: 4,
|
|
1747
1826
|
category: 'information_disclosure',
|
|
1748
1827
|
scanner: 'sensitive-path-scout',
|
|
1749
1828
|
cvss: {
|
|
@@ -1761,11 +1840,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1761
1840
|
},
|
|
1762
1841
|
|
|
1763
1842
|
[VulnerabilityCode.SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED]: {
|
|
1764
|
-
id:
|
|
1843
|
+
id: 579,
|
|
1765
1844
|
code: VulnerabilityCode.SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED,
|
|
1766
1845
|
title: 'AZURE Storage Config Exposed',
|
|
1767
1846
|
description: 'The application exposes azure storage config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1768
1847
|
severity: 'high',
|
|
1848
|
+
levelId: 2,
|
|
1769
1849
|
category: 'information_disclosure',
|
|
1770
1850
|
scanner: 'sensitive-path-scout',
|
|
1771
1851
|
cvss: {
|
|
@@ -1783,11 +1863,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1783
1863
|
},
|
|
1784
1864
|
|
|
1785
1865
|
[VulnerabilityCode.SENS_HIGH_MONGO_RC_EXPOSED]: {
|
|
1786
|
-
id:
|
|
1866
|
+
id: 580,
|
|
1787
1867
|
code: VulnerabilityCode.SENS_HIGH_MONGO_RC_EXPOSED,
|
|
1788
1868
|
title: 'Mongo Rc Exposed',
|
|
1789
1869
|
description: 'The application exposes mongo rc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1790
1870
|
severity: 'high',
|
|
1871
|
+
levelId: 2,
|
|
1791
1872
|
category: 'information_disclosure',
|
|
1792
1873
|
scanner: 'sensitive-path-scout',
|
|
1793
1874
|
cvss: {
|
|
@@ -1805,11 +1886,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1805
1886
|
},
|
|
1806
1887
|
|
|
1807
1888
|
[VulnerabilityCode.SENS_LOW_AWSSAM_TEMPLATE_EXPOSED]: {
|
|
1808
|
-
id:
|
|
1889
|
+
id: 581,
|
|
1809
1890
|
code: VulnerabilityCode.SENS_LOW_AWSSAM_TEMPLATE_EXPOSED,
|
|
1810
1891
|
title: 'Awssam Template Exposed',
|
|
1811
1892
|
description: 'The application exposes awssam template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1812
1893
|
severity: 'low',
|
|
1894
|
+
levelId: 4,
|
|
1813
1895
|
category: 'information_disclosure',
|
|
1814
1896
|
scanner: 'sensitive-path-scout',
|
|
1815
1897
|
cvss: {
|
|
@@ -1827,11 +1909,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1827
1909
|
},
|
|
1828
1910
|
|
|
1829
1911
|
[VulnerabilityCode.SENS_LOW_SERVERLESS_CONFIG_EXPOSED]: {
|
|
1830
|
-
id:
|
|
1912
|
+
id: 582,
|
|
1831
1913
|
code: VulnerabilityCode.SENS_LOW_SERVERLESS_CONFIG_EXPOSED,
|
|
1832
1914
|
title: 'Serverless Config Exposed',
|
|
1833
1915
|
description: 'The application exposes serverless config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1834
1916
|
severity: 'low',
|
|
1917
|
+
levelId: 4,
|
|
1835
1918
|
category: 'information_disclosure',
|
|
1836
1919
|
scanner: 'sensitive-path-scout',
|
|
1837
1920
|
cvss: {
|
|
@@ -1849,11 +1932,12 @@ export const SENSITIVE_PATH_VULNERABILITIES: Record<string, VulnerabilityDefinit
|
|
|
1849
1932
|
},
|
|
1850
1933
|
|
|
1851
1934
|
[VulnerabilityCode.SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED]: {
|
|
1852
|
-
id:
|
|
1935
|
+
id: 583,
|
|
1853
1936
|
code: VulnerabilityCode.SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED,
|
|
1854
1937
|
title: 'Cloud Formation Template Exposed',
|
|
1855
1938
|
description: 'The application exposes cloud formation template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1856
1939
|
severity: 'low',
|
|
1940
|
+
levelId: 4,
|
|
1857
1941
|
category: 'information_disclosure',
|
|
1858
1942
|
scanner: 'sensitive-path-scout',
|
|
1859
1943
|
cvss: {
|