Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Atom Package SFTP - Deployment Configuration Disclosure" module is designed to detect a specific misconfiguration vulnerability in the Atom Package SFTP plugin. This plugin is used for deploying files via SFTP in the Atom text editor. The severity of this vulnerability is classified as high.
This module was created by geeknik.
If exploited, this vulnerability could lead to the exposure of sensitive server details and credentials. The deployment configuration file, "deployment-config.json," contains information such as the host, username, password, and remote path. Unauthorized access to this file could potentially compromise the security of the SFTP server.
The module works by sending an HTTP GET request to the "/deployment-config.json" path. It then applies two matching conditions to determine if the vulnerability is present:
If both matching conditions are met, the module reports the vulnerability.
Example HTTP request:
GET /deployment-config.json
Note: The actual JSON definitions of the module are not shown here for simplicity.
For more information about the Atom Package SFTP plugin, you can visit the official package page.
Metadata:
verified: true
github-query: filename:deployment-config.json sftp