Exposing debug.log file leads to server full path disclosure
Low
Vulnerability Details
At the following address i have found debug.log file disclose the application full path on the server.
https://nextcloud.com/wp-content/debug.log
## Impact
The server should not expose this log file as it could help an attacker to understand the environment that may lead to further attacks.
Actions
View on HackerOneReport Stats
- Report ID: 696360
- State: Closed
- Substate: resolved
- Upvotes: 12