Hi, first of all - great work with the repo.
Pagekit Docker Image Exposes composer.lock File
Description
The community Pagekit Docker image (pagekit/pagekit on Docker Hub) allows public access to the composer.lock file located in the web root.
Proof of Concept
Screenshot
Details
- Affected Docker image: pagekit/pagekit
- Affected Docker image - link: https://hub.docker.com/r/pagekit/pagekit
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-284: Improper Access Control
- CWE-285: Improper Authorization
- CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
References
Best regards,