Hi, first of all - great work with the repo.
Pagekit Docker Image Exposes composer.lock File
Description
The community Pagekit Docker image (pagekit/pagekit on Docker Hub) allows public access to the composer.lock file located in the web root.
Proof of Concept
Screenshot
Details
Affected Docker image: pagekit/pagekit
Affected Docker image - link: https://hub.docker.com/r/pagekit/pagekit
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-284: Improper Access Control
- CWE-285: Improper Authorization
- CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
References
Best regards,
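An added example, not part of the original report and not Pagekit's own code: a local audit that walks a web root, finds every composer.lock under it, and lists the package names and versions each one would disclose if served. The function names, the sample package names and the temporary directory layout are constructed for illustration.

```python
import json
import os
import tempfile

LOCK_NAME = "composer.lock"  # the file named in the report


def disclosed_packages(lock_text):
    """Return sorted (name, version) pairs that a composer.lock reveals to any reader."""
    data = json.loads(lock_text)
    if not isinstance(data, dict):
        raise ValueError("composer.lock top level is not a JSON object")
    found = set()
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section) or []:
            found.add((pkg.get("name", "?"), pkg.get("version", "?")))
    return sorted(found)


def audit_web_root(web_root):
    """Map each composer.lock path (relative to web_root) to what it discloses."""
    findings = {}
    for dirpath, _dirs, files in os.walk(web_root):
        if LOCK_NAME not in files:
            continue
        path = os.path.join(dirpath, LOCK_NAME)
        rel = os.path.relpath(path, web_root)
        try:
            with open(path, encoding="utf-8") as fh:
                findings[rel] = disclosed_packages(fh.read())
        except (OSError, ValueError):
            findings[rel] = None  # present, but unreadable or not valid JSON
    return findings


def demo():
    """Audit a constructed web root holding one valid and one malformed lock file."""
    sample = {  # constructed sample, not taken from the Pagekit image
        "packages": [{"name": "example/framework", "version": "v1.2.3"}],
        "packages-dev": [{"name": "example/test-tool", "version": "4.5.6"}],
    }
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, LOCK_NAME), "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.mkdir(os.path.join(root, "app"))
        with open(os.path.join(root, "app", LOCK_NAME), "w", encoding="utf-8") as fh:
            fh.write("not json")
        return audit_web_root(root)


if __name__ == "__main__":
    for rel, pkgs in demo().items():
        print(rel, pkgs)
```

Any path this reports is a candidate for removal from the served directory or for a deny rule in the web server configuration.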