236 – Technical information leak - SourceMap

Description

The .map files are exposed, making it easy for a malicious actor to analyze the application.

Impact

Understand the inner workings of the application to generate new attack vectors.

Recommendation

Limit access of map files to authorized users and roles.

Threat

Unauthorized user from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 077 - Avoid disclosing technical information
• 176 - Restrict system objects

Fixes

• Csharp
• Dart
• Go
• Java
• Ruby
• Scala
• Typescript

Last updated

2024/02/16