Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: go
Severity: medium
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: High
Impact Level: Medium
Likelihood Level: Low

Description

The server is configured to listen on all network interfaces (0.0.0.0 or an empty address), which can unintentionally make it accessible from any network, including the public internet. This increases the risk of unauthorized users connecting to your service.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: java
Severity: low
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Storing session IDs in URLs (using methods like encodeURL or encodeRedirectURL) exposes sensitive session information, as URLs can be logged, bookmarked, or leaked to third parties. This makes it easier for attackers to steal user sessions.

Impact

If an attacker obtains a session ID from the URL, they can hijack user sessions and potentially gain unauthorized access to user accounts or sensitive data. This can lead to data breaches, account compromise, and loss of trust in the application.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: php
Severity: low
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

A configuration file sets the cookie domain attribute to a value other than null. Unless you are using sub-domain route registrations, set this attribute to null so that only the same origin can set the cookie, which protects your cookies.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: php
Severity: medium
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Using the ‘phpinfo’ function exposes detailed information about your server’s PHP configuration, environment variables, and installed modules. This can give away sensitive setup details that should not be accessible to users.

Impact

If an attacker accesses output from ‘phpinfo’, they can gather critical information like file paths, software versions, and enabled extensions. This data may help them find and exploit other vulnerabilities, increasing the risk of targeted attacks or unauthorized access.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: python
Severity: high
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: High
Impact Level: Medium
Likelihood Level: High

Description

Binding a server socket to ‘0.0.0.0’, ‘::’, or an empty string listens on all network interfaces, making the service accessible from any network. This can unintentionally expose your application to the public internet or untrusted networks.

Impact

If exploited, unauthorized users could connect to your server, potentially accessing sensitive data or abusing application functions. This broad exposure increases the risk of data leaks, unauthorized access, and attacks against your system from external sources.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: ruby
Severity: low
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The application is configured to show detailed error or exception reports to users. This exposes internal system information, such as file paths, code snippets, or environment details, which should remain confidential.

Impact

If an attacker encounters an error, they could view sensitive system or code information, making it easier to find and exploit vulnerabilities. This exposure increases the risk of targeted attacks, data leaks, or unauthorized access to the application’s internal workings.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: ruby
Severity: medium
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Sensitive information such as passwords, secrets, or API keys is being hardcoded directly into source code. This makes these credentials easy to discover if the code is shared, published, or accessed by unauthorized users.

Impact

If attackers gain access to the source code, they can extract these secrets to compromise accounts, access private APIs, or escalate privileges within your systems. This can lead to data breaches, unauthorized access, and significant damage to your application’s security and reputation.

External Control of File Name or Path

Property
Language: javascript
Severity: high
CWE: CWE-73: External Control of File Name or Path
OWASP: A04:2021 - Insecure Design
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

Passing user input directly to res.sendFile in Express can let attackers manipulate file paths and access files outside the intended directory. Input should always be validated and paths canonicalized before using sendFile to prevent unauthorized file access.

Impact

If exploited, an attacker could read sensitive files on the server (such as configuration files, environment variables, or source code) by submitting crafted requests. This can lead to data breaches, exposure of credentials, and compromise of the application’s security.

External Control of File Name or Path

Property
Language: php
Severity: low
CWE: CWE-73: External Control of File Name or Path
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

These functions can be used to read the contents of files if the argument passed to them is user-controlled. Do not pass user input to these functions directly; validate the data properly first.

External Control of File Name or Path

Property
Language: python
Severity: low
CWE: CWE-73: External Control of File Name or Path
OWASP: A04:2021 - Insecure Design
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code uses a user-supplied filename directly in the flask.send_file() function without sanitizing the input. This allows attackers to request and access arbitrary files on the server.

Impact

If exploited, an attacker could download sensitive or private files from the server, such as configuration files, credentials, or application source code. This can lead to data breaches, exposure of secrets, and compromise of the application or underlying system.
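
The validation and canonicalization that this entry and the Express res.sendFile entry above call for can be done with a containment check before the file is served. This is an added example, not code from the scanner or from Flask; `resolve_under`, `demo` and the directory layout are constructed for illustration, and the same logic applies in any language.

```python
import os
import tempfile


def resolve_under(base_dir, user_path):
    """Return the canonical path of user_path inside base_dir, or None if it escapes."""
    if "\x00" in user_path:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks before the comparison;
    # os.path.join discards base when user_path is absolute, which the check catches.
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        inside = False  # e.g. paths on different drives on Windows
    if not inside or not os.path.isfile(candidate):
        return None
    return candidate


def demo():
    """Run constructed requests against a constructed tree; True means the file is served."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        os.mkdir(public)
        with open(os.path.join(public, "report.txt"), "w") as f:
            f.write("ok")
        with open(os.path.join(root, "secret.env"), "w") as f:
            f.write("KEY=constructed")
        # A symlink inside the served directory that points outside it.
        os.symlink(os.path.join(root, "secret.env"), os.path.join(public, "link.txt"))
        requests = ["report.txt", "./report.txt", "../secret.env", "/etc/passwd", "link.txt"]
        return {r: resolve_under(public, r) is not None for r in requests}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name!r}: {'served' if allowed else 'rejected'}")
```

Only the path returned by the check, never the raw request value, is what would then be handed to `flask.send_file()` or `res.sendFile`.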