Directory listing is enabled that exposes non public data through multiple path
Low
Vulnerability Details
Directory Listing is enabled on https://try.nextcloud.com and it shows out a few files on the server + The server version.
POC: https://try.nextcloud.com/assets/
https://try.nextcloud.com/css/
https://try.nextcloud.com/js/
## Impact
This could leak sensitive information on the server and it also allows an attacker to gain knowledge about the web-technology used by the website
Actions
View on HackerOneReport Stats
- Report ID: 690796
- State: Closed
- Substate: resolved
- Upvotes: 8