Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The Redmine settings.yml File Disclosure module is designed to detect a misconfiguration vulnerability in the Redmine software. Redmine is a popular project management and issue tracking tool used by many organizations. This module focuses on identifying the exposure of the settings.yml file, which contains sensitive configuration information.
The severity of this module is classified as informative, indicating that it provides valuable information about potential security risks but does not directly exploit or compromise the system.
If the Redmine settings.yml file is exposed, it can lead to the disclosure of sensitive information such as database credentials, secret keys, and other configuration details. This information can be leveraged by attackers to gain unauthorized access to the system or perform other malicious activities.
The Redmine settings.yml File Disclosure module works by sending HTTP requests to specific paths commonly associated with the settings.yml file. These paths include "/settings.yml", "/config/settings.yml", and "/redmine/config/settings.yml". The module expects a successful response with a status code of 200 and specific words like "format:", "default:", and "Redmine" in the response body.
By analyzing the response, the module determines if the settings.yml file is accessible and if it contains the expected configuration structure. If the conditions are met, the module reports a potential misconfiguration vulnerability.
Here is an example of an HTTP request sent by the module:
GET /settings.yml
Host: example.com
The matching conditions for this module are:
- The response body must contain the words "format:", "default:", and "Redmine". - The response status code must be 200.If both conditions are satisfied, the module identifies the presence of the Redmine settings.yml file and reports it as a potential vulnerability.