JetBrains .idea Directory Detected
medium Web Application Scanning Plugin ID 98701
Synopsis
JetBrains .idea Directory DetectedDescription
A JetBrains .idea Directory has been detected. This directory contains project specific settings in xml format. These configuration files may include sensitive information such as server configuration settings, component module information, compiler information, credentials, project history and stack fingerprinting data.These files should not be publicly accessible and thus should be removed immediately.
Solution
Remove .idea directorySee Also
https://stackoverflow.com/questions/17049416/what-is-the-idea-folder
https://www.acunetix.com/vulnerabilities/web/jetbrains-idea-project-directory/
Plugin Details
Severity: Medium
ID: 98701
Type: remote
Family: Web Applications
Published: 9/2/2019
Updated: 11/26/2021
Scan Template: api, scan, pci
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score Source: Tenable
Vulnerability Information
CPE: cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
Reference Information
CWE: 538
WASC: Predictable Resource Location
HIPAA: 164.312(a)(1), 164.312(a)(2)(i)
CAPEC: 95
DISA STIG: APSC-DV-002480
OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A1
OWASP API: 2019-API7
PCI-DSS: 3.2-2.2
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3