@zerothreatai/vulnerability-registry 3.0.0 → 5.0.0
- package/dist/categories/authentication.js +34 -17
- package/dist/categories/configuration.js +561 -60
- package/dist/categories/injection.js +68 -34
- package/dist/categories/sensitive-paths.js +168 -84
- package/dist/categories/ssrf.js +22 -11
- package/dist/categories/xss.js +30 -15
- package/dist/category.d.ts +6 -0
- package/dist/category.js +15 -0
- package/dist/error-codes.d.ts +20 -0
- package/dist/error-codes.js +20 -0
- package/dist/index.d.ts +9 -1
- package/dist/index.js +5 -1
- package/dist/scanner.d.ts +6 -0
- package/dist/scanner.js +22 -0
- package/dist/types.d.ts +2 -0
- package/dist-cjs/categories/authentication.js +34 -17
- package/dist-cjs/categories/configuration.js +561 -60
- package/dist-cjs/categories/injection.js +68 -34
- package/dist-cjs/categories/sensitive-paths.js +168 -84
- package/dist-cjs/categories/ssrf.js +22 -11
- package/dist-cjs/categories/xss.js +30 -15
- package/dist-cjs/category.js +18 -0
- package/dist-cjs/error-codes.js +20 -0
- package/dist-cjs/index.js +7 -1
- package/dist-cjs/scanner.js +25 -0
- package/package.json +35 -32
- package/scripts/assign-ids.ts +105 -0
- package/scripts/check-duplicate-ids.ts +45 -0
- package/src/categories/authentication.ts +145 -128
- package/src/categories/configuration.ts +1632 -1111
- package/src/categories/injection.ts +158 -124
- package/src/categories/sensitive-paths.ts +168 -84
- package/src/categories/ssrf.ts +22 -11
- package/src/categories/xss.ts +30 -15
- package/src/category.ts +16 -0
- package/src/error-codes.ts +25 -5
- package/src/id-registry.json +1235 -0
- package/src/index.ts +20 -14
- package/src/scanner.ts +23 -0
- package/src/types.ts +4 -2
- package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
- package/src/categories/authentication.d.ts +0 -8
- package/src/categories/authentication.d.ts.map +0 -1
- package/src/categories/authentication.js +0 -378
- package/src/categories/authentication.js.map +0 -1
- package/src/categories/configuration.d.ts +0 -8
- package/src/categories/configuration.d.ts.map +0 -1
- package/src/categories/configuration.js +0 -906
- package/src/categories/configuration.js.map +0 -1
- package/src/categories/injection.d.ts +0 -8
- package/src/categories/injection.d.ts.map +0 -1
- package/src/categories/injection.js +0 -750
- package/src/categories/injection.js.map +0 -1
- package/src/categories/sensitive-paths.d.ts +0 -9
- package/src/categories/sensitive-paths.d.ts.map +0 -1
- package/src/categories/sensitive-paths.js +0 -1791
- package/src/categories/sensitive-paths.js.map +0 -1
- package/src/categories/ssrf.d.ts +0 -8
- package/src/categories/ssrf.d.ts.map +0 -1
- package/src/categories/ssrf.js +0 -250
- package/src/categories/ssrf.js.map +0 -1
- package/src/categories/xss.d.ts +0 -7
- package/src/categories/xss.d.ts.map +0 -1
- package/src/categories/xss.js +0 -328
- package/src/categories/xss.js.map +0 -1
- package/src/error-codes.d.ts +0 -242
- package/src/error-codes.d.ts.map +0 -1
- package/src/error-codes.js +0 -315
- package/src/error-codes.js.map +0 -1
- package/src/index.d.ts +0 -60
- package/src/index.d.ts.map +0 -1
- package/src/index.js +0 -107
- package/src/index.js.map +0 -1
- package/src/types.d.ts +0 -86
- package/src/types.d.ts.map +0 -1
- package/src/types.js +0 -7
- package/src/types.js.map +0 -1
|
@@ -10,11 +10,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
10
10
|
// CRITICAL - CREDENTIAL EXPOSURE
|
|
11
11
|
// ========================================
|
|
12
12
|
[VulnerabilityCode.SENS_CRIT_AWS_CREDENTIALS]: {
|
|
13
|
-
id:
|
|
13
|
+
id: 500,
|
|
14
14
|
code: VulnerabilityCode.SENS_CRIT_AWS_CREDENTIALS,
|
|
15
15
|
title: 'AWS Credentials Exposed',
|
|
16
16
|
description: 'AWS credentials file (.aws/credentials) is publicly accessible containing AWS Access Key ID and Secret Access Key, enabling complete access to AWS services including S3 buckets, EC2 instances, RDS databases, and all cloud resources associated with the compromised account.',
|
|
17
17
|
severity: 'critical',
|
|
18
|
+
levelId: 1,
|
|
18
19
|
category: 'information_disclosure',
|
|
19
20
|
scanner: 'sensitive-path-scout',
|
|
20
21
|
cvss: {
|
|
@@ -32,11 +33,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
32
33
|
remediation: 'Immediately rotate all exposed AWS credentials. Remove credentials from web-accessible paths. Use IAM roles for EC2 instances. Implement AWS Secrets Manager for credential storage.',
|
|
33
34
|
},
|
|
34
35
|
[VulnerabilityCode.SENS_CRIT_SSH_PRIVATE_KEY]: {
|
|
35
|
-
id:
|
|
36
|
+
id: 501,
|
|
36
37
|
code: VulnerabilityCode.SENS_CRIT_SSH_PRIVATE_KEY,
|
|
37
38
|
title: 'SSH Private Key Exposed',
|
|
38
39
|
description: 'SSH private key file (id_rsa, id_ed25519) is publicly accessible, allowing attackers to authenticate to any system where the corresponding public key is authorized, potentially including production servers, databases, and version control systems.',
|
|
39
40
|
severity: 'critical',
|
|
41
|
+
levelId: 1,
|
|
40
42
|
category: 'information_disclosure',
|
|
41
43
|
scanner: 'sensitive-path-scout',
|
|
42
44
|
cvss: {
|
|
@@ -53,11 +55,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
53
55
|
remediation: 'Immediately revoke and regenerate all SSH key pairs. Remove key files from web-accessible paths. Audit authorized_keys on all systems. Block access to .ssh directories in web server config.',
|
|
54
56
|
},
|
|
55
57
|
[VulnerabilityCode.SENS_CRIT_SSL_PRIVATE_KEY]: {
|
|
56
|
-
id:
|
|
58
|
+
id: 502,
|
|
57
59
|
code: VulnerabilityCode.SENS_CRIT_SSL_PRIVATE_KEY,
|
|
58
60
|
title: 'SSL/TLS Private Key Exposed',
|
|
59
61
|
description: 'SSL/TLS private key file is publicly accessible, enabling attackers to decrypt all HTTPS traffic, perform man-in-the-middle attacks, and impersonate the server for phishing or credential theft operations against legitimate users.',
|
|
60
62
|
severity: 'critical',
|
|
63
|
+
levelId: 1,
|
|
61
64
|
category: 'cryptographic',
|
|
62
65
|
scanner: 'sensitive-path-scout',
|
|
63
66
|
cvss: {
|
|
@@ -74,11 +77,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
74
77
|
remediation: 'Immediately revoke the SSL certificate and generate new key pair. Remove private keys from web-accessible directories. Store keys outside webroot with restricted permissions.',
|
|
75
78
|
},
|
|
76
79
|
[VulnerabilityCode.SENS_CRIT_RAILS_MASTER_KEY]: {
|
|
77
|
-
id:
|
|
80
|
+
id: 503,
|
|
78
81
|
code: VulnerabilityCode.SENS_CRIT_RAILS_MASTER_KEY,
|
|
79
82
|
title: 'Rails Master Key Exposed',
|
|
80
83
|
description: 'Rails master.key file is publicly accessible, allowing decryption of all Rails encrypted credentials including database passwords, API keys, and session secrets, enabling complete application compromise and access to all encrypted secrets.',
|
|
81
84
|
severity: 'critical',
|
|
85
|
+
levelId: 1,
|
|
82
86
|
category: 'information_disclosure',
|
|
83
87
|
scanner: 'sensitive-path-scout',
|
|
84
88
|
cvss: {
|
|
@@ -95,11 +99,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
95
99
|
remediation: 'Regenerate Rails master key immediately. Rotate all credentials encrypted with the old key. Remove master.key from version control and web-accessible paths. Use environment variables.',
|
|
96
100
|
},
|
|
97
101
|
[VulnerabilityCode.SENS_CRIT_TERRAFORM_STATE]: {
|
|
98
|
-
id:
|
|
102
|
+
id: 504,
|
|
99
103
|
code: VulnerabilityCode.SENS_CRIT_TERRAFORM_STATE,
|
|
100
104
|
title: 'Terraform State File Exposed',
|
|
101
105
|
description: 'Terraform state file (tfstate) is publicly accessible containing complete infrastructure configuration, resource IDs, IP addresses, and potentially sensitive outputs including database passwords and API keys stored in plain text.',
|
|
102
106
|
severity: 'critical',
|
|
107
|
+
levelId: 1,
|
|
103
108
|
category: 'information_disclosure',
|
|
104
109
|
scanner: 'sensitive-path-scout',
|
|
105
110
|
cvss: {
|
|
@@ -116,11 +121,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
116
121
|
remediation: 'Remove state files from web-accessible paths. Use remote state backends (S3, GCS, Azure) with encryption. Rotate any credentials found in state file. Enable state encryption.',
|
|
117
122
|
},
|
|
118
123
|
[VulnerabilityCode.SENS_CRIT_KUBE_CONFIG]: {
|
|
119
|
-
id:
|
|
124
|
+
id: 505,
|
|
120
125
|
code: VulnerabilityCode.SENS_CRIT_KUBE_CONFIG,
|
|
121
126
|
title: 'Kubernetes Config Exposed',
|
|
122
127
|
description: 'Kubernetes kubeconfig file is publicly accessible containing cluster credentials, certificates, and tokens that allow full administrative access to Kubernetes clusters including ability to deploy, modify, and delete all workloads.',
|
|
123
128
|
severity: 'critical',
|
|
129
|
+
levelId: 1,
|
|
124
130
|
category: 'information_disclosure',
|
|
125
131
|
scanner: 'sensitive-path-scout',
|
|
126
132
|
cvss: {
|
|
@@ -137,11 +143,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
137
143
|
remediation: 'Immediately revoke exposed service account tokens and certificates. Rotate cluster credentials. Remove config from web paths. Use RBAC with minimal permissions.',
|
|
138
144
|
},
|
|
139
145
|
[VulnerabilityCode.SENS_CRIT_VAULT_SECRET]: {
|
|
140
|
-
id:
|
|
146
|
+
id: 506,
|
|
141
147
|
code: VulnerabilityCode.SENS_CRIT_VAULT_SECRET,
|
|
142
148
|
title: 'HashiCorp Vault Secret Exposed',
|
|
143
149
|
description: 'HashiCorp Vault secrets or root token exposed, providing access to the centralized secrets management system and all secrets stored within, potentially compromising hundreds of application credentials and encryption keys.',
|
|
144
150
|
severity: 'critical',
|
|
151
|
+
levelId: 1,
|
|
145
152
|
category: 'information_disclosure',
|
|
146
153
|
scanner: 'sensitive-path-scout',
|
|
147
154
|
cvss: {
|
|
@@ -161,11 +168,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
161
168
|
// HIGH - SOURCE CODE & CONFIG EXPOSURE
|
|
162
169
|
// ========================================
|
|
163
170
|
[VulnerabilityCode.SENS_HIGH_GIT_EXPOSED]: {
|
|
164
|
-
id:
|
|
171
|
+
id: 507,
|
|
165
172
|
code: VulnerabilityCode.SENS_HIGH_GIT_EXPOSED,
|
|
166
173
|
title: 'Git Repository Exposed',
|
|
167
174
|
description: 'Git repository metadata (.git/HEAD, .git/config) is publicly accessible, allowing attackers to download the complete repository including all source code, commit history, configuration files, and potentially credentials committed accidentally.',
|
|
168
175
|
severity: 'high',
|
|
176
|
+
levelId: 2,
|
|
169
177
|
category: 'information_disclosure',
|
|
170
178
|
scanner: 'sensitive-path-scout',
|
|
171
179
|
cvss: {
|
|
@@ -182,11 +190,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
182
190
|
remediation: 'Block access to .git directory in web server configuration. Remove .git from production deployments. Audit git history for accidentally committed secrets.',
|
|
183
191
|
},
|
|
184
192
|
[VulnerabilityCode.SENS_HIGH_ENV_FILE]: {
|
|
185
|
-
id:
|
|
193
|
+
id: 508,
|
|
186
194
|
code: VulnerabilityCode.SENS_HIGH_ENV_FILE,
|
|
187
195
|
title: 'Environment File Exposed',
|
|
188
196
|
description: 'Environment configuration file (.env, .env.local, .env.production) is publicly accessible containing application secrets, database credentials, API keys, and other sensitive configuration that should never be exposed to end users.',
|
|
189
197
|
severity: 'high',
|
|
198
|
+
levelId: 2,
|
|
190
199
|
category: 'information_disclosure',
|
|
191
200
|
scanner: 'sensitive-path-scout',
|
|
192
201
|
cvss: {
|
|
@@ -203,11 +212,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
203
212
|
remediation: 'Remove .env files from web-accessible directories. Block access to dotfiles in web server config. Rotate all credentials found in exposed files. Use secrets management services.',
|
|
204
213
|
},
|
|
205
214
|
[VulnerabilityCode.SENS_HIGH_WORDPRESS_CONFIG]: {
|
|
206
|
-
id:
|
|
215
|
+
id: 509,
|
|
207
216
|
code: VulnerabilityCode.SENS_HIGH_WORDPRESS_CONFIG,
|
|
208
217
|
title: 'WordPress Configuration File Exposed',
|
|
209
218
|
description: 'WordPress wp-config.php file is accessible and readable, exposing database credentials, authentication keys, salts, table prefix, and debug settings that allow complete compromise of the WordPress installation and underlying database.',
|
|
210
219
|
severity: 'high',
|
|
220
|
+
levelId: 2,
|
|
211
221
|
category: 'information_disclosure',
|
|
212
222
|
scanner: 'sensitive-path-scout',
|
|
213
223
|
cvss: {
|
|
@@ -224,11 +234,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
224
234
|
remediation: 'Ensure PHP is properly configured to execute .php files rather than serve them as text. Move wp-config.php above the web root. Change database credentials immediately.',
|
|
225
235
|
},
|
|
226
236
|
[VulnerabilityCode.SENS_HIGH_SPRING_ACTUATOR]: {
|
|
227
|
-
id:
|
|
237
|
+
id: 510,
|
|
228
238
|
code: VulnerabilityCode.SENS_HIGH_SPRING_ACTUATOR,
|
|
229
239
|
title: 'Spring Boot Actuator Endpoints Exposed',
|
|
230
240
|
description: 'Spring Boot Actuator management endpoints are publicly accessible without authentication, exposing application internals including environment variables, configuration properties, health status, thread dumps, and potentially enabling remote code execution through certain endpoints.',
|
|
231
241
|
severity: 'high',
|
|
242
|
+
levelId: 2,
|
|
232
243
|
category: 'information_disclosure',
|
|
233
244
|
scanner: 'sensitive-path-scout',
|
|
234
245
|
cvss: {
|
|
@@ -246,11 +257,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
246
257
|
remediation: 'Secure actuator endpoints with authentication. Disable sensitive endpoints in production. Use separate management port accessible only internally. Apply principle of least exposure.',
|
|
247
258
|
},
|
|
248
259
|
[VulnerabilityCode.SENS_HIGH_SPRING_HEAPDUMP]: {
|
|
249
|
-
id:
|
|
260
|
+
id: 511,
|
|
250
261
|
code: VulnerabilityCode.SENS_HIGH_SPRING_HEAPDUMP,
|
|
251
262
|
title: 'Spring Boot Heapdump Exposed',
|
|
252
263
|
description: 'Spring Boot Actuator heapdump endpoint is accessible allowing download of JVM heap memory containing sensitive runtime data including session tokens, passwords, encryption keys, personal data, and other secrets temporarily held in application memory.',
|
|
253
264
|
severity: 'critical',
|
|
265
|
+
levelId: 1,
|
|
254
266
|
category: 'information_disclosure',
|
|
255
267
|
scanner: 'sensitive-path-scout',
|
|
256
268
|
cvss: {
|
|
@@ -267,11 +279,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
267
279
|
remediation: 'Disable heapdump endpoint in production (management.endpoint.heapdump.enabled=false). Require authentication for all actuator endpoints. Invalidate all active sessions.',
|
|
268
280
|
},
|
|
269
281
|
[VulnerabilityCode.SENS_HIGH_PHPINFO]: {
|
|
270
|
-
id:
|
|
282
|
+
id: 512,
|
|
271
283
|
code: VulnerabilityCode.SENS_HIGH_PHPINFO,
|
|
272
284
|
title: 'PHP Info Page Exposed',
|
|
273
285
|
description: 'PHP info page (phpinfo.php) is publicly accessible revealing complete server configuration including PHP version, loaded modules, environment variables, system paths, and potentially database connection strings that aid attackers in planning targeted attacks.',
|
|
274
286
|
severity: 'medium',
|
|
287
|
+
levelId: 3,
|
|
275
288
|
category: 'information_disclosure',
|
|
276
289
|
scanner: 'sensitive-path-scout',
|
|
277
290
|
cvss: {
|
|
@@ -288,11 +301,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
288
301
|
remediation: 'Remove phpinfo files from production servers. If needed for debugging, protect with authentication or IP restrictions. Delete all debug and test files before deployment.',
|
|
289
302
|
},
|
|
290
303
|
[VulnerabilityCode.SENS_HIGH_LARAVEL_DEBUG]: {
|
|
291
|
-
id:
|
|
304
|
+
id: 513,
|
|
292
305
|
code: VulnerabilityCode.SENS_HIGH_LARAVEL_DEBUG,
|
|
293
306
|
title: 'Laravel Debug Mode Enabled',
|
|
294
307
|
description: 'Laravel application is running with debug mode enabled in production, exposing detailed stack traces, database queries, environment variables, and potentially the APP_KEY which can be used to decrypt session data and forge authenticated sessions.',
|
|
295
308
|
severity: 'high',
|
|
309
|
+
levelId: 2,
|
|
296
310
|
category: 'information_disclosure',
|
|
297
311
|
scanner: 'sensitive-path-scout',
|
|
298
312
|
cvss: {
|
|
@@ -309,11 +323,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
309
323
|
remediation: 'Set APP_DEBUG=false in production environment. Rotate APP_KEY if exposed. Implement proper error logging that does not expose internals to users.',
|
|
310
324
|
},
|
|
311
325
|
[VulnerabilityCode.SENS_HIGH_GRAPHQL_INTROSPECTION]: {
|
|
312
|
-
id:
|
|
326
|
+
id: 514,
|
|
313
327
|
code: VulnerabilityCode.SENS_HIGH_GRAPHQL_INTROSPECTION,
|
|
314
328
|
title: 'GraphQL Introspection Enabled',
|
|
315
329
|
description: 'GraphQL API has introspection enabled in production, allowing attackers to query the complete schema including all types, queries, mutations, and fields, which reveals the entire API structure and aids in discovering sensitive operations and data access points.',
|
|
316
330
|
severity: 'medium',
|
|
331
|
+
levelId: 3,
|
|
317
332
|
category: 'information_disclosure',
|
|
318
333
|
scanner: 'sensitive-path-scout',
|
|
319
334
|
cvss: {
|
|
@@ -330,11 +345,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
330
345
|
remediation: 'Disable introspection in production (introspection: false in Apollo Server). Implement query depth limiting and complexity analysis. Use persisted queries.',
|
|
331
346
|
},
|
|
332
347
|
[VulnerabilityCode.SENS_HIGH_DATABASE_BACKUP]: {
|
|
333
|
-
id:
|
|
348
|
+
id: 515,
|
|
334
349
|
code: VulnerabilityCode.SENS_HIGH_DATABASE_BACKUP,
|
|
335
350
|
title: 'Database Backup File Exposed',
|
|
336
351
|
description: 'Database backup or dump file (.sql, .dump, .bak) is publicly accessible containing complete database contents including user credentials, personal information, business data, and all other stored information enabling massive data breach.',
|
|
337
352
|
severity: 'critical',
|
|
353
|
+
levelId: 1,
|
|
338
354
|
category: 'information_disclosure',
|
|
339
355
|
scanner: 'sensitive-path-scout',
|
|
340
356
|
cvss: {
|
|
@@ -354,11 +370,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
354
370
|
// MEDIUM - API & SERVICE EXPOSURE
|
|
355
371
|
// ========================================
|
|
356
372
|
[VulnerabilityCode.SENS_MED_SWAGGER_DOCS]: {
|
|
357
|
-
id:
|
|
373
|
+
id: 516,
|
|
358
374
|
code: VulnerabilityCode.SENS_MED_SWAGGER_DOCS,
|
|
359
375
|
title: 'Swagger/OpenAPI Documentation Exposed',
|
|
360
376
|
description: 'API documentation (swagger.json, openapi.yaml) is publicly accessible revealing complete API structure including all endpoints, parameters, authentication methods, and data models which aids attackers in understanding and exploiting the API systematically.',
|
|
361
377
|
severity: 'low',
|
|
378
|
+
levelId: 4,
|
|
362
379
|
category: 'information_disclosure',
|
|
363
380
|
scanner: 'sensitive-path-scout',
|
|
364
381
|
cvss: {
|
|
@@ -375,11 +392,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
375
392
|
remediation: 'Protect API documentation with authentication if it should be internal. Ensure publicly documented APIs have proper authorization. Remove internal endpoints from public docs.',
|
|
376
393
|
},
|
|
377
394
|
[VulnerabilityCode.SENS_MED_PROMETHEUS_METRICS]: {
|
|
378
|
-
id:
|
|
395
|
+
id: 517,
|
|
379
396
|
code: VulnerabilityCode.SENS_MED_PROMETHEUS_METRICS,
|
|
380
397
|
title: 'Prometheus Metrics Endpoint Exposed',
|
|
381
398
|
description: 'Prometheus metrics endpoint (/metrics) is publicly accessible exposing application performance data, error rates, request patterns, resource usage, and potentially business metrics that reveal internal operations and aid in planning attacks.',
|
|
382
399
|
severity: 'medium',
|
|
400
|
+
levelId: 3,
|
|
383
401
|
category: 'information_disclosure',
|
|
384
402
|
scanner: 'sensitive-path-scout',
|
|
385
403
|
cvss: {
|
|
@@ -396,11 +414,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
396
414
|
remediation: 'Restrict metrics endpoint to internal network or Prometheus server IPs. Use separate port for metrics collection. Implement authentication if external access is required.',
|
|
397
415
|
},
|
|
398
416
|
[VulnerabilityCode.SENS_MED_ADMIN_PANEL]: {
|
|
399
|
-
id:
|
|
417
|
+
id: 518,
|
|
400
418
|
code: VulnerabilityCode.SENS_MED_ADMIN_PANEL,
|
|
401
419
|
title: 'Admin Panel Publicly Accessible',
|
|
402
420
|
description: 'Administrative interface is accessible from the public internet without IP restrictions, enabling brute force attacks against admin credentials and exposing sensitive management functionality that should be restricted to internal networks only.',
|
|
403
421
|
severity: 'medium',
|
|
422
|
+
levelId: 3,
|
|
404
423
|
category: 'access_control',
|
|
405
424
|
scanner: 'sensitive-path-scout',
|
|
406
425
|
cvss: {
|
|
@@ -417,11 +436,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
417
436
|
remediation: 'Restrict admin panel access to VPN or internal IP ranges. Implement strong multi-factor authentication. Use rate limiting and account lockout. Consider separate admin domain.',
|
|
418
437
|
},
|
|
419
438
|
[VulnerabilityCode.SENS_MED_SOURCE_MAP]: {
|
|
420
|
-
id:
|
|
439
|
+
id: 519,
|
|
421
440
|
code: VulnerabilityCode.SENS_MED_SOURCE_MAP,
|
|
422
441
|
title: 'JavaScript Source Maps Exposed',
|
|
423
442
|
description: 'JavaScript source map files (.js.map) are publicly accessible allowing attackers to view original unminified source code including comments, variable names, internal logic, and potentially security-sensitive implementation details.',
|
|
424
443
|
severity: 'low',
|
|
444
|
+
levelId: 4,
|
|
425
445
|
category: 'information_disclosure',
|
|
426
446
|
scanner: 'sensitive-path-scout',
|
|
427
447
|
cvss: {
|
|
@@ -441,11 +461,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
441
461
|
// EXTENDED SENSITIVE PATH EXPOSURES
|
|
442
462
|
// ========================================
|
|
443
463
|
[VulnerabilityCode.SENS_MED_UN_PROTECTED_CONFIG_JSON]: {
|
|
444
|
-
id:
|
|
464
|
+
id: 520,
|
|
445
465
|
code: VulnerabilityCode.SENS_MED_UN_PROTECTED_CONFIG_JSON,
|
|
446
466
|
title: 'Un Protected Config JSON',
|
|
447
467
|
description: 'The application exposes un protected config json in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
448
468
|
severity: 'medium',
|
|
469
|
+
levelId: 3,
|
|
449
470
|
category: 'information_disclosure',
|
|
450
471
|
scanner: 'sensitive-path-scout',
|
|
451
472
|
cvss: {
|
|
@@ -462,11 +483,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
462
483
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
463
484
|
},
|
|
464
485
|
[VulnerabilityCode.SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED]: {
|
|
465
|
-
id:
|
|
486
|
+
id: 521,
|
|
466
487
|
code: VulnerabilityCode.SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED,
|
|
467
488
|
title: 'Web Server Configuration File Detected',
|
|
468
489
|
description: 'The application exposes web server configuration file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
469
490
|
severity: 'high',
|
|
491
|
+
levelId: 2,
|
|
470
492
|
category: 'information_disclosure',
|
|
471
493
|
scanner: 'sensitive-path-scout',
|
|
472
494
|
cvss: {
|
|
@@ -483,11 +505,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
483
505
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
484
506
|
},
|
|
485
507
|
[VulnerabilityCode.SENS_HIGH_APPSETTINGS_JSON_EXPOSED]: {
|
|
486
|
-
id:
|
|
508
|
+
id: 522,
|
|
487
509
|
code: VulnerabilityCode.SENS_HIGH_APPSETTINGS_JSON_EXPOSED,
|
|
488
510
|
title: 'Appsettings JSON Exposed',
|
|
489
511
|
description: 'The application exposes appsettings json exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
490
512
|
severity: 'high',
|
|
513
|
+
levelId: 2,
|
|
491
514
|
category: 'information_disclosure',
|
|
492
515
|
scanner: 'sensitive-path-scout',
|
|
493
516
|
cvss: {
|
|
@@ -504,11 +527,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
504
527
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
505
528
|
},
|
|
506
529
|
[VulnerabilityCode.SENS_HIGH_SPRING_CONFIG_EXPOSED]: {
|
|
507
|
-
id:
|
|
530
|
+
id: 523,
|
|
508
531
|
code: VulnerabilityCode.SENS_HIGH_SPRING_CONFIG_EXPOSED,
|
|
509
532
|
title: 'Spring Config Exposed',
|
|
510
533
|
description: 'The application exposes spring config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
511
534
|
severity: 'high',
|
|
535
|
+
levelId: 2,
|
|
512
536
|
category: 'information_disclosure',
|
|
513
537
|
scanner: 'sensitive-path-scout',
|
|
514
538
|
cvss: {
|
|
@@ -525,11 +549,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
525
549
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
526
550
|
},
|
|
527
551
|
[VulnerabilityCode.SENS_HIGH_NPMRC_EXPOSED]: {
|
|
528
|
-
id:
|
|
552
|
+
id: 524,
|
|
529
553
|
code: VulnerabilityCode.SENS_HIGH_NPMRC_EXPOSED,
|
|
530
554
|
title: 'Npmrc Exposed',
|
|
531
555
|
description: 'The application exposes npmrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
532
556
|
severity: 'high',
|
|
557
|
+
levelId: 2,
|
|
533
558
|
category: 'information_disclosure',
|
|
534
559
|
scanner: 'sensitive-path-scout',
|
|
535
560
|
cvss: {
|
|
@@ -546,11 +571,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
546
571
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
547
572
|
},
|
|
548
573
|
[VulnerabilityCode.SENS_LOW_TOML_PROJECT_FILE_EXPOSED]: {
|
|
549
|
-
id:
|
|
574
|
+
id: 525,
|
|
550
575
|
code: VulnerabilityCode.SENS_LOW_TOML_PROJECT_FILE_EXPOSED,
|
|
551
576
|
title: 'TOML Project File Exposed',
|
|
552
577
|
description: 'The application exposes toml project file exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
553
578
|
severity: 'low',
|
|
579
|
+
levelId: 4,
|
|
554
580
|
category: 'information_disclosure',
|
|
555
581
|
scanner: 'sensitive-path-scout',
|
|
556
582
|
cvss: {
|
|
@@ -567,11 +593,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
567
593
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
568
594
|
},
|
|
569
595
|
[VulnerabilityCode.SENS_HIGH_RAILS_DATABASE_YML_EXPOSED]: {
|
|
570
|
-
id:
|
|
596
|
+
id: 526,
|
|
571
597
|
code: VulnerabilityCode.SENS_HIGH_RAILS_DATABASE_YML_EXPOSED,
|
|
572
598
|
title: 'Rails Database YML Exposed',
|
|
573
599
|
description: 'The application exposes rails database yml exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
574
600
|
severity: 'high',
|
|
601
|
+
levelId: 2,
|
|
575
602
|
category: 'information_disclosure',
|
|
576
603
|
scanner: 'sensitive-path-scout',
|
|
577
604
|
cvss: {
|
|
@@ -588,11 +615,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
588
615
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
589
616
|
},
|
|
590
617
|
[VulnerabilityCode.SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED]: {
|
|
591
|
-
id:
|
|
618
|
+
id: 527,
|
|
592
619
|
code: VulnerabilityCode.SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED,
|
|
593
620
|
title: 'Drupal Settings PHP Exposed',
|
|
594
621
|
description: 'The application exposes drupal settings php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
595
622
|
severity: 'high',
|
|
623
|
+
levelId: 2,
|
|
596
624
|
category: 'information_disclosure',
|
|
597
625
|
scanner: 'sensitive-path-scout',
|
|
598
626
|
cvss: {
|
|
@@ -609,11 +637,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
609
637
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
610
638
|
},
|
|
611
639
|
[VulnerabilityCode.SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED]: {
|
|
612
|
-
id:
|
|
640
|
+
id: 528,
|
|
613
641
|
code: VulnerabilityCode.SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED,
|
|
614
642
|
title: 'Magento Env PHP Exposed',
|
|
615
643
|
description: 'The application exposes magento env php exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
616
644
|
severity: 'high',
|
|
645
|
+
levelId: 2,
|
|
617
646
|
category: 'information_disclosure',
|
|
618
647
|
scanner: 'sensitive-path-scout',
|
|
619
648
|
cvss: {
|
|
@@ -630,11 +659,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
630
659
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
631
660
|
},
|
|
632
661
|
[VulnerabilityCode.SENS_HIGH_JOLOKIA_EXPOSED]: {
|
|
633
|
-
id:
|
|
662
|
+
id: 529,
|
|
634
663
|
code: VulnerabilityCode.SENS_HIGH_JOLOKIA_EXPOSED,
|
|
635
664
|
title: 'Jolokia Exposed',
|
|
636
665
|
description: 'The application exposes jolokia exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
637
666
|
severity: 'high',
|
|
667
|
+
levelId: 2,
|
|
638
668
|
category: 'information_disclosure',
|
|
639
669
|
scanner: 'sensitive-path-scout',
|
|
640
670
|
cvss: {
|
|
@@ -651,11 +681,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
651
681
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
652
682
|
},
|
|
653
683
|
[VulnerabilityCode.SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED]: {
|
|
654
|
-
id:
|
|
684
|
+
id: 530,
|
|
655
685
|
code: VulnerabilityCode.SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED,
|
|
656
686
|
title: 'SVN Working Copy Database Exposed',
|
|
657
687
|
description: 'The application exposes svn working copy database exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
658
688
|
severity: 'high',
|
|
689
|
+
levelId: 2,
|
|
659
690
|
category: 'information_disclosure',
|
|
660
691
|
scanner: 'sensitive-path-scout',
|
|
661
692
|
cvss: {
|
|
@@ -672,11 +703,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
672
703
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
673
704
|
},
|
|
674
705
|
[VulnerabilityCode.SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED]: {
|
|
675
|
-
id:
|
|
706
|
+
id: 531,
|
|
676
707
|
code: VulnerabilityCode.SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED,
|
|
677
708
|
title: 'Subversion Repository Detected',
|
|
678
709
|
description: 'The application exposes subversion repository detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
679
710
|
severity: 'high',
|
|
711
|
+
levelId: 2,
|
|
680
712
|
category: 'information_disclosure',
|
|
681
713
|
scanner: 'sensitive-path-scout',
|
|
682
714
|
cvss: {
|
|
@@ -693,11 +725,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
693
725
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
694
726
|
},
|
|
695
727
|
[VulnerabilityCode.SENS_MED_MERCURIAL_REPOSITORY_FOUND]: {
|
|
696
|
-
id:
|
|
728
|
+
id: 532,
|
|
697
729
|
code: VulnerabilityCode.SENS_MED_MERCURIAL_REPOSITORY_FOUND,
|
|
698
730
|
title: 'Mercurial Repository Found',
|
|
699
731
|
description: 'The application exposes mercurial repository found in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
700
732
|
severity: 'medium',
|
|
733
|
+
levelId: 3,
|
|
701
734
|
category: 'information_disclosure',
|
|
702
735
|
scanner: 'sensitive-path-scout',
|
|
703
736
|
cvss: {
|
|
@@ -714,11 +747,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
714
747
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
715
748
|
},
|
|
716
749
|
[VulnerabilityCode.SENS_MED_MERCURIAL_HGRC_EXPOSED]: {
|
|
717
|
-
id:
|
|
750
|
+
id: 533,
|
|
718
751
|
code: VulnerabilityCode.SENS_MED_MERCURIAL_HGRC_EXPOSED,
|
|
719
752
|
title: 'Mercurial Hgrc Exposed',
|
|
720
753
|
description: 'The application exposes mercurial hgrc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
721
754
|
severity: 'medium',
|
|
755
|
+
levelId: 3,
|
|
722
756
|
category: 'information_disclosure',
|
|
723
757
|
scanner: 'sensitive-path-scout',
|
|
724
758
|
cvss: {
|
|
@@ -735,11 +769,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
735
769
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
736
770
|
},
|
|
737
771
|
[VulnerabilityCode.SENS_MED_CVS_ROOT_EXPOSED]: {
|
|
738
|
-
id:
|
|
772
|
+
id: 534,
|
|
739
773
|
code: VulnerabilityCode.SENS_MED_CVS_ROOT_EXPOSED,
|
|
740
774
|
title: 'CVS Root Exposed',
|
|
741
775
|
description: 'The application exposes cvs root exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
742
776
|
severity: 'medium',
|
|
777
|
+
levelId: 3,
|
|
743
778
|
category: 'information_disclosure',
|
|
744
779
|
scanner: 'sensitive-path-scout',
|
|
745
780
|
cvss: {
|
|
@@ -756,11 +791,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
756
791
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
757
792
|
},
|
|
758
793
|
[VulnerabilityCode.SENS_MED_CVS_ENTRIES_EXPOSED]: {
|
|
759
|
-
id:
|
|
794
|
+
id: 535,
|
|
760
795
|
code: VulnerabilityCode.SENS_MED_CVS_ENTRIES_EXPOSED,
|
|
761
796
|
title: 'CVS Entries Exposed',
|
|
762
797
|
description: 'The application exposes cvs entries exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
763
798
|
severity: 'medium',
|
|
799
|
+
levelId: 3,
|
|
764
800
|
category: 'information_disclosure',
|
|
765
801
|
scanner: 'sensitive-path-scout',
|
|
766
802
|
cvss: {
|
|
@@ -777,11 +813,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
777
813
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
778
814
|
},
|
|
779
815
|
[VulnerabilityCode.SENS_MED_BAZAAR_REPO_EXPOSED]: {
|
|
780
|
-
id:
|
|
816
|
+
id: 536,
|
|
781
817
|
code: VulnerabilityCode.SENS_MED_BAZAAR_REPO_EXPOSED,
|
|
782
818
|
title: 'Bazaar Repo Exposed',
|
|
783
819
|
description: 'The application exposes bazaar repo exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
784
820
|
severity: 'medium',
|
|
821
|
+
levelId: 3,
|
|
785
822
|
category: 'information_disclosure',
|
|
786
823
|
scanner: 'sensitive-path-scout',
|
|
787
824
|
cvss: {
|
|
@@ -798,11 +835,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
798
835
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
799
836
|
},
|
|
800
837
|
[VulnerabilityCode.SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED]: {
|
|
801
|
-
id:
|
|
838
|
+
id: 537,
|
|
802
839
|
code: VulnerabilityCode.SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED,
|
|
803
840
|
title: 'Spring Boot Thread Dump Exposed',
|
|
804
841
|
description: 'The application exposes spring boot thread dump exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
805
842
|
severity: 'high',
|
|
843
|
+
levelId: 2,
|
|
806
844
|
category: 'information_disclosure',
|
|
807
845
|
scanner: 'sensitive-path-scout',
|
|
808
846
|
cvss: {
|
|
@@ -819,11 +857,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
819
857
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
820
858
|
},
|
|
821
859
|
[VulnerabilityCode.SENS_HIGH_REDIS_RDB_DUMP_DETECTED]: {
|
|
822
|
-
id:
|
|
860
|
+
id: 538,
|
|
823
861
|
code: VulnerabilityCode.SENS_HIGH_REDIS_RDB_DUMP_DETECTED,
|
|
824
862
|
title: 'Redis Rdb Dump Detected',
|
|
825
863
|
description: 'The application exposes redis rdb dump detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
826
864
|
severity: 'high',
|
|
865
|
+
levelId: 2,
|
|
827
866
|
category: 'information_disclosure',
|
|
828
867
|
scanner: 'sensitive-path-scout',
|
|
829
868
|
cvss: {
|
|
@@ -840,11 +879,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
840
879
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
841
880
|
},
|
|
842
881
|
[VulnerabilityCode.SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED]: {
|
|
843
|
-
id:
|
|
882
|
+
id: 539,
|
|
844
883
|
code: VulnerabilityCode.SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED,
|
|
845
884
|
title: 'Atlassian Bitbucket Pipelines Configuration Detected',
|
|
846
885
|
description: 'The application exposes atlassian bitbucket pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
847
886
|
severity: 'low',
|
|
887
|
+
levelId: 4,
|
|
848
888
|
category: 'information_disclosure',
|
|
849
889
|
scanner: 'sensitive-path-scout',
|
|
850
890
|
cvss: {
|
|
@@ -861,11 +901,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
861
901
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
862
902
|
},
|
|
863
903
|
[VulnerabilityCode.SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED]: {
|
|
864
|
-
id:
|
|
904
|
+
id: 540,
|
|
865
905
|
code: VulnerabilityCode.SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED,
|
|
866
906
|
title: 'AZURE Pipelines Configuration Detected',
|
|
867
907
|
description: 'The application exposes azure pipelines configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
868
908
|
severity: 'low',
|
|
909
|
+
levelId: 4,
|
|
869
910
|
category: 'information_disclosure',
|
|
870
911
|
scanner: 'sensitive-path-scout',
|
|
871
912
|
cvss: {
|
|
@@ -882,11 +923,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
882
923
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
883
924
|
},
|
|
884
925
|
[VulnerabilityCode.SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED]: {
|
|
885
|
-
id:
|
|
926
|
+
id: 541,
|
|
886
927
|
code: VulnerabilityCode.SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED,
|
|
887
928
|
title: 'AWS Code Build Buildspec Detected',
|
|
888
929
|
description: 'The application exposes aws code build buildspec detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
889
930
|
severity: 'low',
|
|
931
|
+
levelId: 4,
|
|
890
932
|
category: 'information_disclosure',
|
|
891
933
|
scanner: 'sensitive-path-scout',
|
|
892
934
|
cvss: {
|
|
@@ -903,11 +945,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
903
945
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
904
946
|
},
|
|
905
947
|
[VulnerabilityCode.SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED]: {
|
|
906
|
-
id:
|
|
948
|
+
id: 542,
|
|
907
949
|
code: VulnerabilityCode.SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED,
|
|
908
950
|
title: 'Github Actions Workflow Detected',
|
|
909
951
|
description: 'The application exposes github actions workflow detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
910
952
|
severity: 'low',
|
|
953
|
+
levelId: 4,
|
|
911
954
|
category: 'information_disclosure',
|
|
912
955
|
scanner: 'sensitive-path-scout',
|
|
913
956
|
cvss: {
|
|
@@ -924,11 +967,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
924
967
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
925
968
|
},
|
|
926
969
|
[VulnerabilityCode.SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED]: {
|
|
927
|
-
id:
|
|
970
|
+
id: 543,
|
|
928
971
|
code: VulnerabilityCode.SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED,
|
|
929
972
|
title: 'Docker Compose Configuration Detected',
|
|
930
973
|
description: 'The application exposes docker compose configuration detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
931
974
|
severity: 'medium',
|
|
975
|
+
levelId: 3,
|
|
932
976
|
category: 'information_disclosure',
|
|
933
977
|
scanner: 'sensitive-path-scout',
|
|
934
978
|
cvss: {
|
|
@@ -945,11 +989,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
945
989
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
946
990
|
},
|
|
947
991
|
[VulnerabilityCode.SENS_HIGH_TRACE_AXD]: {
|
|
948
|
-
id:
|
|
992
|
+
id: 544,
|
|
949
993
|
code: VulnerabilityCode.SENS_HIGH_TRACE_AXD,
|
|
950
994
|
title: 'Trace Axd',
|
|
951
995
|
description: 'The application exposes trace axd in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
952
996
|
severity: 'high',
|
|
997
|
+
levelId: 2,
|
|
953
998
|
category: 'information_disclosure',
|
|
954
999
|
scanner: 'sensitive-path-scout',
|
|
955
1000
|
cvss: {
|
|
@@ -966,11 +1011,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
966
1011
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
967
1012
|
},
|
|
968
1013
|
[VulnerabilityCode.SENS_HIGH_ELMAH_AXD_EXPOSED]: {
|
|
969
|
-
id:
|
|
1014
|
+
id: 545,
|
|
970
1015
|
code: VulnerabilityCode.SENS_HIGH_ELMAH_AXD_EXPOSED,
|
|
971
1016
|
title: 'Elmah Axd Exposed',
|
|
972
1017
|
description: 'The application exposes elmah axd exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
973
1018
|
severity: 'high',
|
|
1019
|
+
levelId: 2,
|
|
974
1020
|
category: 'information_disclosure',
|
|
975
1021
|
scanner: 'sensitive-path-scout',
|
|
976
1022
|
cvss: {
|
|
@@ -987,11 +1033,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
987
1033
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
988
1034
|
},
|
|
989
1035
|
[VulnerabilityCode.SENS_MED_LARAVEL_LOG_VIEWER_ENABLED]: {
|
|
990
|
-
id:
|
|
1036
|
+
id: 546,
|
|
991
1037
|
code: VulnerabilityCode.SENS_MED_LARAVEL_LOG_VIEWER_ENABLED,
|
|
992
1038
|
title: 'Laravel Log Viewer Enabled',
|
|
993
1039
|
description: 'The application exposes laravel log viewer enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
994
1040
|
severity: 'medium',
|
|
1041
|
+
levelId: 3,
|
|
995
1042
|
category: 'information_disclosure',
|
|
996
1043
|
scanner: 'sensitive-path-scout',
|
|
997
1044
|
cvss: {
|
|
@@ -1008,11 +1055,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1008
1055
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1009
1056
|
},
|
|
1010
1057
|
[VulnerabilityCode.SENS_MED_APACHE_HTACCESS_FILE_DETECTED]: {
|
|
1011
|
-
id:
|
|
1058
|
+
id: 547,
|
|
1012
1059
|
code: VulnerabilityCode.SENS_MED_APACHE_HTACCESS_FILE_DETECTED,
|
|
1013
1060
|
title: 'Apache Htaccess File Detected',
|
|
1014
1061
|
description: 'The application exposes apache htaccess file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1015
1062
|
severity: 'medium',
|
|
1063
|
+
levelId: 3,
|
|
1016
1064
|
category: 'information_disclosure',
|
|
1017
1065
|
scanner: 'sensitive-path-scout',
|
|
1018
1066
|
cvss: {
|
|
@@ -1029,11 +1077,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1029
1077
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1030
1078
|
},
|
|
1031
1079
|
[VulnerabilityCode.SENS_MED_APACHE_SERVER_INFO_EXPOSED]: {
|
|
1032
|
-
id:
|
|
1080
|
+
id: 548,
|
|
1033
1081
|
code: VulnerabilityCode.SENS_MED_APACHE_SERVER_INFO_EXPOSED,
|
|
1034
1082
|
title: 'Apache Server Info Exposed',
|
|
1035
1083
|
description: 'The application exposes apache server info exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1036
1084
|
severity: 'medium',
|
|
1085
|
+
levelId: 3,
|
|
1037
1086
|
category: 'information_disclosure',
|
|
1038
1087
|
scanner: 'sensitive-path-scout',
|
|
1039
1088
|
cvss: {
|
|
@@ -1050,11 +1099,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1050
1099
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1051
1100
|
},
|
|
1052
1101
|
[VulnerabilityCode.SENS_HIGH_SQLITE_DATABASE_DETECTED]: {
|
|
1053
|
-
id:
|
|
1102
|
+
id: 549,
|
|
1054
1103
|
code: VulnerabilityCode.SENS_HIGH_SQLITE_DATABASE_DETECTED,
|
|
1055
1104
|
title: 'Sqlite Database Detected',
|
|
1056
1105
|
description: 'The application exposes sqlite database detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1057
1106
|
severity: 'high',
|
|
1107
|
+
levelId: 2,
|
|
1058
1108
|
category: 'information_disclosure',
|
|
1059
1109
|
scanner: 'sensitive-path-scout',
|
|
1060
1110
|
cvss: {
|
|
@@ -1071,11 +1121,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1071
1121
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1072
1122
|
},
|
|
1073
1123
|
[VulnerabilityCode.SENS_MED_PACKAGE_DEPENDENCIES_DETECTED]: {
|
|
1074
|
-
id:
|
|
1124
|
+
id: 550,
|
|
1075
1125
|
code: VulnerabilityCode.SENS_MED_PACKAGE_DEPENDENCIES_DETECTED,
|
|
1076
1126
|
title: 'Package Dependencies Detected',
|
|
1077
1127
|
description: 'The application exposes package dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1078
1128
|
severity: 'medium',
|
|
1129
|
+
levelId: 3,
|
|
1079
1130
|
category: 'information_disclosure',
|
|
1080
1131
|
scanner: 'sensitive-path-scout',
|
|
1081
1132
|
cvss: {
|
|
@@ -1092,11 +1143,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1092
1143
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1093
1144
|
},
|
|
1094
1145
|
[VulnerabilityCode.SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED]: {
|
|
1095
|
-
id:
|
|
1146
|
+
id: 551,
|
|
1096
1147
|
code: VulnerabilityCode.SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED,
|
|
1097
1148
|
title: 'PHP Composer Dependencies Detected',
|
|
1098
1149
|
description: 'The application exposes php composer dependencies detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1099
1150
|
severity: 'medium',
|
|
1151
|
+
levelId: 3,
|
|
1100
1152
|
category: 'information_disclosure',
|
|
1101
1153
|
scanner: 'sensitive-path-scout',
|
|
1102
1154
|
cvss: {
|
|
@@ -1113,11 +1165,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1113
1165
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1114
1166
|
},
|
|
1115
1167
|
[VulnerabilityCode.SENS_LOW_PYTHON_REQUIREMENTS_DETECTED]: {
|
|
1116
|
-
id:
|
|
1168
|
+
id: 552,
|
|
1117
1169
|
code: VulnerabilityCode.SENS_LOW_PYTHON_REQUIREMENTS_DETECTED,
|
|
1118
1170
|
title: 'Python Requirements Detected',
|
|
1119
1171
|
description: 'The application exposes python requirements detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1120
1172
|
severity: 'low',
|
|
1173
|
+
levelId: 4,
|
|
1121
1174
|
category: 'information_disclosure',
|
|
1122
1175
|
scanner: 'sensitive-path-scout',
|
|
1123
1176
|
cvss: {
|
|
@@ -1134,11 +1187,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1134
1187
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1135
1188
|
},
|
|
1136
1189
|
[VulnerabilityCode.SENS_HIGH_AWS_CONFIG_EXPOSED]: {
|
|
1137
|
-
id:
|
|
1190
|
+
id: 553,
|
|
1138
1191
|
code: VulnerabilityCode.SENS_HIGH_AWS_CONFIG_EXPOSED,
|
|
1139
1192
|
title: 'AWS Config Exposed',
|
|
1140
1193
|
description: 'The application exposes aws config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1141
1194
|
severity: 'high',
|
|
1195
|
+
levelId: 2,
|
|
1142
1196
|
category: 'information_disclosure',
|
|
1143
1197
|
scanner: 'sensitive-path-scout',
|
|
1144
1198
|
cvss: {
|
|
@@ -1155,11 +1209,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1155
1209
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1156
1210
|
},
|
|
1157
1211
|
[VulnerabilityCode.SENS_HIGH_AZURE_CREDENTIALS_EXPOSED]: {
|
|
1158
|
-
id:
|
|
1212
|
+
id: 554,
|
|
1159
1213
|
code: VulnerabilityCode.SENS_HIGH_AZURE_CREDENTIALS_EXPOSED,
|
|
1160
1214
|
title: 'AZURE Credentials Exposed',
|
|
1161
1215
|
description: 'The application exposes azure credentials exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1162
1216
|
severity: 'high',
|
|
1217
|
+
levelId: 2,
|
|
1163
1218
|
category: 'information_disclosure',
|
|
1164
1219
|
scanner: 'sensitive-path-scout',
|
|
1165
1220
|
cvss: {
|
|
@@ -1176,11 +1231,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1176
1231
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1177
1232
|
},
|
|
1178
1233
|
[VulnerabilityCode.SENS_HIGH_HELM_VALUES_EXPOSED]: {
|
|
1179
|
-
id:
|
|
1234
|
+
id: 555,
|
|
1180
1235
|
code: VulnerabilityCode.SENS_HIGH_HELM_VALUES_EXPOSED,
|
|
1181
1236
|
title: 'Helm Values Exposed',
|
|
1182
1237
|
description: 'The application exposes helm values exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1183
1238
|
severity: 'high',
|
|
1239
|
+
levelId: 2,
|
|
1184
1240
|
category: 'information_disclosure',
|
|
1185
1241
|
scanner: 'sensitive-path-scout',
|
|
1186
1242
|
cvss: {
|
|
@@ -1197,11 +1253,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1197
1253
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1198
1254
|
},
|
|
1199
1255
|
[VulnerabilityCode.SENS_MED_SSH_PUBLIC_KEY_EXPOSED]: {
|
|
1200
|
-
id:
|
|
1256
|
+
id: 556,
|
|
1201
1257
|
code: VulnerabilityCode.SENS_MED_SSH_PUBLIC_KEY_EXPOSED,
|
|
1202
1258
|
title: 'SSH Public Key Exposed',
|
|
1203
1259
|
description: 'The application exposes ssh public key exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1204
1260
|
severity: 'medium',
|
|
1261
|
+
levelId: 3,
|
|
1205
1262
|
category: 'information_disclosure',
|
|
1206
1263
|
scanner: 'sensitive-path-scout',
|
|
1207
1264
|
cvss: {
|
|
@@ -1218,11 +1275,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1218
1275
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1219
1276
|
},
|
|
1220
1277
|
[VulnerabilityCode.SENS_MED_SSL_CERTIFICATE_EXPOSED]: {
|
|
1221
|
-
id:
|
|
1278
|
+
id: 557,
|
|
1222
1279
|
code: VulnerabilityCode.SENS_MED_SSL_CERTIFICATE_EXPOSED,
|
|
1223
1280
|
title: 'SSL Certificate Exposed',
|
|
1224
1281
|
description: 'The application exposes ssl certificate exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1225
1282
|
severity: 'medium',
|
|
1283
|
+
levelId: 3,
|
|
1226
1284
|
category: 'information_disclosure',
|
|
1227
1285
|
scanner: 'sensitive-path-scout',
|
|
1228
1286
|
cvss: {
|
|
@@ -1239,11 +1297,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1239
1297
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1240
1298
|
},
|
|
1241
1299
|
[VulnerabilityCode.SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED]: {
|
|
1242
|
-
id:
|
|
1300
|
+
id: 558,
|
|
1243
1301
|
code: VulnerabilityCode.SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED,
|
|
1244
1302
|
title: 'Graph Ql Endpoint Exposed',
|
|
1245
1303
|
description: 'The application exposes graph ql endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1246
1304
|
severity: 'medium',
|
|
1305
|
+
levelId: 3,
|
|
1247
1306
|
category: 'information_disclosure',
|
|
1248
1307
|
scanner: 'sensitive-path-scout',
|
|
1249
1308
|
cvss: {
|
|
@@ -1260,11 +1319,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1260
1319
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1261
1320
|
},
|
|
1262
1321
|
[VulnerabilityCode.SENS_MED_GRAPHI_QL_EXPOSED]: {
|
|
1263
|
-
id:
|
|
1322
|
+
id: 559,
|
|
1264
1323
|
code: VulnerabilityCode.SENS_MED_GRAPHI_QL_EXPOSED,
|
|
1265
1324
|
title: 'Graphi Ql Exposed',
|
|
1266
1325
|
description: 'The application exposes graphi ql exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1267
1326
|
severity: 'medium',
|
|
1327
|
+
levelId: 3,
|
|
1268
1328
|
category: 'information_disclosure',
|
|
1269
1329
|
scanner: 'sensitive-path-scout',
|
|
1270
1330
|
cvss: {
|
|
@@ -1281,11 +1341,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1281
1341
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1282
1342
|
},
|
|
1283
1343
|
[VulnerabilityCode.SENS_MED_TERRAFORM_LOCK_EXPOSED]: {
|
|
1284
|
-
id:
|
|
1344
|
+
id: 560,
|
|
1285
1345
|
code: VulnerabilityCode.SENS_MED_TERRAFORM_LOCK_EXPOSED,
|
|
1286
1346
|
title: 'Terraform Lock Exposed',
|
|
1287
1347
|
description: 'The application exposes terraform lock exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1288
1348
|
severity: 'medium',
|
|
1349
|
+
levelId: 3,
|
|
1289
1350
|
category: 'information_disclosure',
|
|
1290
1351
|
scanner: 'sensitive-path-scout',
|
|
1291
1352
|
cvss: {
|
|
@@ -1302,11 +1363,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1302
1363
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1303
1364
|
},
|
|
1304
1365
|
[VulnerabilityCode.SENS_HIGH_TERRAFORM_VARS_EXPOSED]: {
|
|
1305
|
-
id:
|
|
1366
|
+
id: 561,
|
|
1306
1367
|
code: VulnerabilityCode.SENS_HIGH_TERRAFORM_VARS_EXPOSED,
|
|
1307
1368
|
title: 'Terraform Vars Exposed',
|
|
1308
1369
|
description: 'The application exposes terraform vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1309
1370
|
severity: 'high',
|
|
1371
|
+
levelId: 2,
|
|
1310
1372
|
category: 'information_disclosure',
|
|
1311
1373
|
scanner: 'sensitive-path-scout',
|
|
1312
1374
|
cvss: {
|
|
@@ -1323,11 +1385,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1323
1385
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1324
1386
|
},
|
|
1325
1387
|
[VulnerabilityCode.SENS_MED_ERROR_LOG_EXPOSED]: {
|
|
1326
|
-
id:
|
|
1388
|
+
id: 562,
|
|
1327
1389
|
code: VulnerabilityCode.SENS_MED_ERROR_LOG_EXPOSED,
|
|
1328
1390
|
title: 'Error Log Exposed',
|
|
1329
1391
|
description: 'The application exposes error log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1330
1392
|
severity: 'medium',
|
|
1393
|
+
levelId: 3,
|
|
1331
1394
|
category: 'information_disclosure',
|
|
1332
1395
|
scanner: 'sensitive-path-scout',
|
|
1333
1396
|
cvss: {
|
|
@@ -1344,11 +1407,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1344
1407
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1345
1408
|
},
|
|
1346
1409
|
[VulnerabilityCode.SENS_MED_ACCESS_LOG_EXPOSED]: {
|
|
1347
|
-
id:
|
|
1410
|
+
id: 563,
|
|
1348
1411
|
code: VulnerabilityCode.SENS_MED_ACCESS_LOG_EXPOSED,
|
|
1349
1412
|
title: 'Access Log Exposed',
|
|
1350
1413
|
description: 'The application exposes access log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1351
1414
|
severity: 'medium',
|
|
1415
|
+
levelId: 3,
|
|
1352
1416
|
category: 'information_disclosure',
|
|
1353
1417
|
scanner: 'sensitive-path-scout',
|
|
1354
1418
|
cvss: {
|
|
@@ -1365,11 +1429,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1365
1429
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1366
1430
|
},
|
|
1367
1431
|
[VulnerabilityCode.SENS_MED_DEBUG_LOG_EXPOSED]: {
|
|
1368
|
-
id:
|
|
1432
|
+
id: 564,
|
|
1369
1433
|
code: VulnerabilityCode.SENS_MED_DEBUG_LOG_EXPOSED,
|
|
1370
1434
|
title: 'Debug Log Exposed',
|
|
1371
1435
|
description: 'The application exposes debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1372
1436
|
severity: 'medium',
|
|
1437
|
+
levelId: 3,
|
|
1373
1438
|
category: 'information_disclosure',
|
|
1374
1439
|
scanner: 'sensitive-path-scout',
|
|
1375
1440
|
cvss: {
|
|
@@ -1386,11 +1451,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1386
1451
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1387
1452
|
},
|
|
1388
1453
|
[VulnerabilityCode.SENS_MED_APPLICATION_LOG_EXPOSED]: {
|
|
1389
|
-
id:
|
|
1454
|
+
id: 565,
|
|
1390
1455
|
code: VulnerabilityCode.SENS_MED_APPLICATION_LOG_EXPOSED,
|
|
1391
1456
|
title: 'Application Log Exposed',
|
|
1392
1457
|
description: 'The application exposes application log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1393
1458
|
severity: 'medium',
|
|
1459
|
+
levelId: 3,
|
|
1394
1460
|
category: 'information_disclosure',
|
|
1395
1461
|
scanner: 'sensitive-path-scout',
|
|
1396
1462
|
cvss: {
|
|
@@ -1407,11 +1473,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1407
1473
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1408
1474
|
},
|
|
1409
1475
|
[VulnerabilityCode.SENS_HIGH_LARAVEL_LOG_EXPOSED]: {
|
|
1410
|
-
id:
|
|
1476
|
+
id: 566,
|
|
1411
1477
|
code: VulnerabilityCode.SENS_HIGH_LARAVEL_LOG_EXPOSED,
|
|
1412
1478
|
title: 'Laravel Log Exposed',
|
|
1413
1479
|
description: 'The application exposes laravel log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1414
1480
|
severity: 'high',
|
|
1481
|
+
levelId: 2,
|
|
1415
1482
|
category: 'information_disclosure',
|
|
1416
1483
|
scanner: 'sensitive-path-scout',
|
|
1417
1484
|
cvss: {
|
|
@@ -1428,11 +1495,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1428
1495
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1429
1496
|
},
|
|
1430
1497
|
[VulnerabilityCode.SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED]: {
|
|
1431
|
-
id:
|
|
1498
|
+
id: 567,
|
|
1432
1499
|
code: VulnerabilityCode.SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED,
|
|
1433
1500
|
title: 'Word Press Debug Log Exposed',
|
|
1434
1501
|
description: 'The application exposes word press debug log exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1435
1502
|
severity: 'high',
|
|
1503
|
+
levelId: 2,
|
|
1436
1504
|
category: 'information_disclosure',
|
|
1437
1505
|
scanner: 'sensitive-path-scout',
|
|
1438
1506
|
cvss: {
|
|
@@ -1449,11 +1517,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1449
1517
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1450
1518
|
},
|
|
1451
1519
|
[VulnerabilityCode.SENS_HIGH_ADMINER_EXPOSED]: {
|
|
1452
|
-
id:
|
|
1520
|
+
id: 568,
|
|
1453
1521
|
code: VulnerabilityCode.SENS_HIGH_ADMINER_EXPOSED,
|
|
1454
1522
|
title: 'Adminer Exposed',
|
|
1455
1523
|
description: 'The application exposes adminer exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1456
1524
|
severity: 'high',
|
|
1525
|
+
levelId: 2,
|
|
1457
1526
|
category: 'information_disclosure',
|
|
1458
1527
|
scanner: 'sensitive-path-scout',
|
|
1459
1528
|
cvss: {
|
|
@@ -1470,11 +1539,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1470
1539
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1471
1540
|
},
|
|
1472
1541
|
[VulnerabilityCode.SENS_MED_WSDL_EXPOSED]: {
|
|
1473
|
-
id:
|
|
1542
|
+
id: 569,
|
|
1474
1543
|
code: VulnerabilityCode.SENS_MED_WSDL_EXPOSED,
|
|
1475
1544
|
title: 'WSDL Exposed',
|
|
1476
1545
|
description: 'The application exposes wsdl exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1477
1546
|
severity: 'medium',
|
|
1547
|
+
levelId: 3,
|
|
1478
1548
|
category: 'information_disclosure',
|
|
1479
1549
|
scanner: 'sensitive-path-scout',
|
|
1480
1550
|
cvss: {
|
|
@@ -1491,11 +1561,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1491
1561
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1492
1562
|
},
|
|
1493
1563
|
[VulnerabilityCode.SENS_HIGH_DEBUG_ENDPOINT_EXPOSED]: {
|
|
1494
|
-
id:
|
|
1564
|
+
id: 570,
|
|
1495
1565
|
code: VulnerabilityCode.SENS_HIGH_DEBUG_ENDPOINT_EXPOSED,
|
|
1496
1566
|
title: 'Debug Endpoint Exposed',
|
|
1497
1567
|
description: 'The application exposes debug endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1498
1568
|
severity: 'high',
|
|
1569
|
+
levelId: 2,
|
|
1499
1570
|
category: 'information_disclosure',
|
|
1500
1571
|
scanner: 'sensitive-path-scout',
|
|
1501
1572
|
cvss: {
|
|
@@ -1512,11 +1583,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1512
1583
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1513
1584
|
},
|
|
1514
1585
|
[VulnerabilityCode.SENS_HIGH_GO_DEBUG_VARS_EXPOSED]: {
|
|
1515
|
-
id:
|
|
1586
|
+
id: 571,
|
|
1516
1587
|
code: VulnerabilityCode.SENS_HIGH_GO_DEBUG_VARS_EXPOSED,
|
|
1517
1588
|
title: 'Go Debug Vars Exposed',
|
|
1518
1589
|
description: 'The application exposes go debug vars exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1519
1590
|
severity: 'high',
|
|
1591
|
+
levelId: 2,
|
|
1520
1592
|
category: 'information_disclosure',
|
|
1521
1593
|
scanner: 'sensitive-path-scout',
|
|
1522
1594
|
cvss: {
|
|
@@ -1533,11 +1605,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1533
1605
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1534
1606
|
},
|
|
1535
1607
|
[VulnerabilityCode.SENS_HIGH_GO_PPROF_EXPOSED]: {
|
|
1536
|
-
id:
|
|
1608
|
+
id: 572,
|
|
1537
1609
|
code: VulnerabilityCode.SENS_HIGH_GO_PPROF_EXPOSED,
|
|
1538
1610
|
title: 'Go Pprof Exposed',
|
|
1539
1611
|
description: 'The application exposes go pprof exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1540
1612
|
severity: 'high',
|
|
1613
|
+
levelId: 2,
|
|
1541
1614
|
category: 'information_disclosure',
|
|
1542
1615
|
scanner: 'sensitive-path-scout',
|
|
1543
1616
|
cvss: {
|
|
@@ -1554,11 +1627,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1554
1627
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1555
1628
|
},
|
|
1556
1629
|
[VulnerabilityCode.SENS_MED_WORD_PRESS_XML_RPC_EXPOSED]: {
|
|
1557
|
-
id:
|
|
1630
|
+
id: 573,
|
|
1558
1631
|
code: VulnerabilityCode.SENS_MED_WORD_PRESS_XML_RPC_EXPOSED,
|
|
1559
1632
|
title: 'Word Press XML Rpc Exposed',
|
|
1560
1633
|
description: 'The application exposes word press xml rpc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1561
1634
|
severity: 'medium',
|
|
1635
|
+
levelId: 3,
|
|
1562
1636
|
category: 'information_disclosure',
|
|
1563
1637
|
scanner: 'sensitive-path-scout',
|
|
1564
1638
|
cvss: {
|
|
@@ -1575,11 +1649,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1575
1649
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1576
1650
|
},
|
|
1577
1651
|
[VulnerabilityCode.SENS_LOW_TEST_ENDPOINT_EXPOSED]: {
|
|
1578
|
-
id:
|
|
1652
|
+
id: 574,
|
|
1579
1653
|
code: VulnerabilityCode.SENS_LOW_TEST_ENDPOINT_EXPOSED,
|
|
1580
1654
|
title: 'Test Endpoint Exposed',
|
|
1581
1655
|
description: 'The application exposes test endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1582
1656
|
severity: 'low',
|
|
1657
|
+
levelId: 4,
|
|
1583
1658
|
category: 'information_disclosure',
|
|
1584
1659
|
scanner: 'sensitive-path-scout',
|
|
1585
1660
|
cvss: {
|
|
@@ -1596,11 +1671,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1596
1671
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1597
1672
|
},
|
|
1598
1673
|
[VulnerabilityCode.SENS_LOW_STAGING_ENDPOINT_EXPOSED]: {
|
|
1599
|
-
id:
|
|
1674
|
+
id: 575,
|
|
1600
1675
|
code: VulnerabilityCode.SENS_LOW_STAGING_ENDPOINT_EXPOSED,
|
|
1601
1676
|
title: 'Staging Endpoint Exposed',
|
|
1602
1677
|
description: 'The application exposes staging endpoint exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1603
1678
|
severity: 'low',
|
|
1679
|
+
levelId: 4,
|
|
1604
1680
|
category: 'information_disclosure',
|
|
1605
1681
|
scanner: 'sensitive-path-scout',
|
|
1606
1682
|
cvss: {
|
|
@@ -1617,11 +1693,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1617
1693
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1618
1694
|
},
|
|
1619
1695
|
[VulnerabilityCode.SENS_LOW_EDITOR_BACKUP_FILE_DETECTED]: {
|
|
1620
|
-
id:
|
|
1696
|
+
id: 576,
|
|
1621
1697
|
code: VulnerabilityCode.SENS_LOW_EDITOR_BACKUP_FILE_DETECTED,
|
|
1622
1698
|
title: 'Editor Backup File Detected',
|
|
1623
1699
|
description: 'The application exposes editor backup file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1624
1700
|
severity: 'low',
|
|
1701
|
+
levelId: 4,
|
|
1625
1702
|
category: 'information_disclosure',
|
|
1626
1703
|
scanner: 'sensitive-path-scout',
|
|
1627
1704
|
cvss: {
|
|
@@ -1638,11 +1715,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1638
1715
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1639
1716
|
},
|
|
1640
1717
|
[VulnerabilityCode.SENS_LOW_VIM_SWAP_FILE_DETECTED]: {
|
|
1641
|
-
id:
|
|
1718
|
+
id: 577,
|
|
1642
1719
|
code: VulnerabilityCode.SENS_LOW_VIM_SWAP_FILE_DETECTED,
|
|
1643
1720
|
title: 'VIM Swap File Detected',
|
|
1644
1721
|
description: 'The application exposes vim swap file detected in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1645
1722
|
severity: 'low',
|
|
1723
|
+
levelId: 4,
|
|
1646
1724
|
category: 'information_disclosure',
|
|
1647
1725
|
scanner: 'sensitive-path-scout',
|
|
1648
1726
|
cvss: {
|
|
@@ -1659,11 +1737,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1659
1737
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1660
1738
|
},
|
|
1661
1739
|
[VulnerabilityCode.SENS_LOW_DIRECTORY_LISTING_ENABLED]: {
|
|
1662
|
-
id:
|
|
1740
|
+
id: 578,
|
|
1663
1741
|
code: VulnerabilityCode.SENS_LOW_DIRECTORY_LISTING_ENABLED,
|
|
1664
1742
|
title: 'Directory Listing Enabled',
|
|
1665
1743
|
description: 'The application exposes directory listing enabled in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1666
1744
|
severity: 'low',
|
|
1745
|
+
levelId: 4,
|
|
1667
1746
|
category: 'information_disclosure',
|
|
1668
1747
|
scanner: 'sensitive-path-scout',
|
|
1669
1748
|
cvss: {
|
|
@@ -1680,11 +1759,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1680
1759
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1681
1760
|
},
|
|
1682
1761
|
[VulnerabilityCode.SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED]: {
|
|
1683
|
-
id:
|
|
1762
|
+
id: 579,
|
|
1684
1763
|
code: VulnerabilityCode.SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED,
|
|
1685
1764
|
title: 'AZURE Storage Config Exposed',
|
|
1686
1765
|
description: 'The application exposes azure storage config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1687
1766
|
severity: 'high',
|
|
1767
|
+
levelId: 2,
|
|
1688
1768
|
category: 'information_disclosure',
|
|
1689
1769
|
scanner: 'sensitive-path-scout',
|
|
1690
1770
|
cvss: {
|
|
@@ -1701,11 +1781,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1701
1781
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1702
1782
|
},
|
|
1703
1783
|
[VulnerabilityCode.SENS_HIGH_MONGO_RC_EXPOSED]: {
|
|
1704
|
-
id:
|
|
1784
|
+
id: 580,
|
|
1705
1785
|
code: VulnerabilityCode.SENS_HIGH_MONGO_RC_EXPOSED,
|
|
1706
1786
|
title: 'Mongo Rc Exposed',
|
|
1707
1787
|
description: 'The application exposes mongo rc exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1708
1788
|
severity: 'high',
|
|
1789
|
+
levelId: 2,
|
|
1709
1790
|
category: 'information_disclosure',
|
|
1710
1791
|
scanner: 'sensitive-path-scout',
|
|
1711
1792
|
cvss: {
|
|
@@ -1722,11 +1803,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1722
1803
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1723
1804
|
},
|
|
1724
1805
|
[VulnerabilityCode.SENS_LOW_AWSSAM_TEMPLATE_EXPOSED]: {
|
|
1725
|
-
id:
|
|
1806
|
+
id: 581,
|
|
1726
1807
|
code: VulnerabilityCode.SENS_LOW_AWSSAM_TEMPLATE_EXPOSED,
|
|
1727
1808
|
title: 'Awssam Template Exposed',
|
|
1728
1809
|
description: 'The application exposes awssam template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1729
1810
|
severity: 'low',
|
|
1811
|
+
levelId: 4,
|
|
1730
1812
|
category: 'information_disclosure',
|
|
1731
1813
|
scanner: 'sensitive-path-scout',
|
|
1732
1814
|
cvss: {
|
|
@@ -1743,11 +1825,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1743
1825
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1744
1826
|
},
|
|
1745
1827
|
[VulnerabilityCode.SENS_LOW_SERVERLESS_CONFIG_EXPOSED]: {
|
|
1746
|
-
id:
|
|
1828
|
+
id: 582,
|
|
1747
1829
|
code: VulnerabilityCode.SENS_LOW_SERVERLESS_CONFIG_EXPOSED,
|
|
1748
1830
|
title: 'Serverless Config Exposed',
|
|
1749
1831
|
description: 'The application exposes serverless config exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1750
1832
|
severity: 'low',
|
|
1833
|
+
levelId: 4,
|
|
1751
1834
|
category: 'information_disclosure',
|
|
1752
1835
|
scanner: 'sensitive-path-scout',
|
|
1753
1836
|
cvss: {
|
|
@@ -1764,11 +1847,12 @@ export const SENSITIVE_PATH_VULNERABILITIES = {
|
|
|
1764
1847
|
remediation: 'Remove or restrict access to the exposed resource. Store sensitive data outside public web roots, enforce authentication/allowlists, and review deployment pipelines for accidental exposure.',
|
|
1765
1848
|
},
|
|
1766
1849
|
[VulnerabilityCode.SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED]: {
|
|
1767
|
-
id:
|
|
1850
|
+
id: 583,
|
|
1768
1851
|
code: VulnerabilityCode.SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED,
|
|
1769
1852
|
title: 'Cloud Formation Template Exposed',
|
|
1770
1853
|
description: 'The application exposes cloud formation template exposed in a web-accessible location, which can reveal sensitive configuration, credentials, or operational details and enable attackers to further compromise the system or pivot to other assets.',
|
|
1771
1854
|
severity: 'low',
|
|
1855
|
+
levelId: 4,
|
|
1772
1856
|
category: 'information_disclosure',
|
|
1773
1857
|
scanner: 'sensitive-path-scout',
|
|
1774
1858
|
cvss: {
|