Platform
Virtual Machine
Describe your issue as much as you can
The application exposes the Codeception configuration file (codeception.yml) through a publicly accessible URL. During security testing, it was observed that the configuration file can be accessed without authentication and discloses information related to the application's testing framework, environment settings, directory structure, modules, and other internal configurations. Exposure of such information may assist attackers in understanding the application's architecture and identifying potential attack vectors. Public access to development and testing configuration files increases the overall attack surface and may facilitate further reconnaissance activities. This issue indicates insufficient protection of sensitive configuration files within the production environment.
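A pre-deployment check for the exposure described in this report, added here as an example and not code from the report or from Codeception: it walks a web document root and lists Codeception files and directories that would be served alongside the application. The file patterns and directory names are assumptions based on Codeception's default project layout, and the sample tree is constructed.

```python
import fnmatch
import os
import sys
import tempfile

# Assumed patterns: Codeception's global config and per-suite configs.
FILE_PATTERNS = ("codeception*.yml", "*.suite*.yml")
# Assumed names: Codeception's default output, data, support and env dirs.
TEST_DIRS = ("_output", "_data", "_support", "_envs")


def find_codeception_artifacts(docroot):
    """Return sorted paths (relative to docroot) of Codeception artifacts."""
    hits = []
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        for name in files:
            if any(fnmatch.fnmatch(name.lower(), p) for p in FILE_PATTERNS):
                hits.append(os.path.normpath(os.path.join(rel, name)))
        for name in list(dirs):
            if name in TEST_DIRS:
                hits.append(os.path.normpath(os.path.join(rel, name)) + "/")
                dirs.remove(name)  # report the directory once, do not descend
    return sorted(hits)


def build_sample_docroot(root):
    """Constructed sample tree: a PHP app deployed together with its tests."""
    for path in ("index.php", "codeception.yml", "assets/app.css",
                 "tests/acceptance.suite.yml", "tests/_output/failed"):
        full = os.path.join(root, path)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = find_codeception_artifacts(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as sample:
            build_sample_docroot(sample)
            found = find_codeception_artifacts(sample)
    for path in found:
        print("test artifact inside document root:", path)
    # A non-zero exit status lets a CI or release job block the deployment.
    sys.exit(1 if found else 0)
```

Run against the directory the web server actually serves; anything it reports should be excluded from the release artifact or moved outside the document root.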