Unix Path Disclosure

Description

File and directory paths reveal information about the structure of the file system of the underlying OS. While this information does not directly impact the target, it provides valuable insights attackers can exploit. Attackers can leverage disclosed paths to gain knowledge of the system’s configuration and potentially identify additional attack vectors.

Recommendation

If the disclosure is unintentional, address the underlying reason causing it and ensure that paths are not revealed due to errors or misconfigurations. Implement robust access controls and input validation to prevent unintended disclosure of sensitive information.

References

• CWE-200
• Microsoft Security Development Lifecycle (SDL)
• OWASP 2021-A5
• OWASP: Information Leakage