H3-2022-0046
Rails Database Configuration File Exposure
Category | SECURITY_MISCONFIGURATION |
Base Score | 7.5 |
Description
Ruby on Rails applications store database configuration information in a file named config/database.yml. By default it contains three configurations: production, development, and test. The information stored in this file is highly sensitive and should not be found in a production system.
Impact
Attackers can enumerate the host system and the ruby configuration viewing this file.