Description
File and directory paths reveal information about the structure of the file system of the underlying OS. On its own, this information has no direct impact on the target, but it is valuable to attackers: disclosed paths give insight into the system’s configuration and can help identify additional attack vectors.
Recommendation
If the path is not displayed intentionally, fix the cause of the disclosure and make sure paths are not revealed through errors and misconfigurations. Implement access controls and input validation to prevent unintended disclosure of sensitive information.
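One way to verify and enforce this recommendation, shown as an added example that is not part of the original advisory: a check that flags filesystem paths in response bodies, a redaction fallback, and an error handler that keeps the detail in server logs. The function names, the list of Unix root directories, the `[path removed]` marker and the sample responses are assumptions constructed for illustration.

```python
import logging
import re
import uuid

log = logging.getLogger("app.errors")

# Absolute paths under common Unix roots, e.g. /var/www/app/views.py.
# The lookbehind skips URL path components such as https://host/var/x.
_UNIX = r"(?<![\w/.:])/(?:home|var|usr|etc|opt|srv|tmp|root)(?:/[\w.\-]+)+"
# Windows drive paths such as C:\inetpub\wwwroot\app\login.cs
_WIN = r"(?<![A-Za-z])[A-Za-z]:\\(?:[\w.\- ]+\\)*[\w.\-]+"
PATH_RE = re.compile(_UNIX + "|" + _WIN)


def find_disclosed_paths(body: str) -> list[str]:
    """Return the filesystem paths present in a response body, in order."""
    return list(dict.fromkeys(m.group(0) for m in PATH_RE.finditer(body)))


def redact_paths(body: str) -> str:
    """Replace any filesystem path with a fixed marker (last-resort filter)."""
    return PATH_RE.sub("[path removed]", body)


def client_error_body(exc: Exception) -> str:
    """Log full detail server-side; return a generic body with a reference id."""
    ref = uuid.uuid4().hex[:12]
    log.error("unhandled error ref=%s: %r", ref, exc)
    return f"Internal error. Reference: {ref}"


# Constructed sample responses (not taken from any real system).
SAMPLE_UNIX = ('Traceback (most recent call last):\n'
               '  File "/var/www/shop/views/cart.py", line 88, in add\n'
               'FileNotFoundError: /var/www/shop/data/prices.csv')
SAMPLE_WIN = r"Could not find file 'C:\inetpub\wwwroot\shop\App_Data\users.xml'."
SAMPLE_CLEAN = 'See <a href="https://example.com/var/docs/index.html">docs</a>.'

if __name__ == "__main__":
    for sample in (SAMPLE_UNIX, SAMPLE_WIN, SAMPLE_CLEAN):
        print(find_disclosed_paths(sample), "->", redact_paths(sample))
```

The detector suits regression tests or a response-inspection step; root-relative links such as `href="/usr/..."` can produce false positives, so review hits before treating them as findings.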
References
- Microsoft Security Development Lifecycle (SDL)
- OWASP: Information Leakage
- CWE-200
- CAPEC-118
- OWASP 2021-A5