Laravel Log File Detected

medium Web App Scanning Plugin ID 98943

Language:

Synopsis

Laravel Log File Detected

Description

Laravel log file /storage/logs/laravel.log has been detected on the target web application.

This file may contain sensitive information about application and server configuration (debug and stack trace) and could help an attacker conduct further attacks.

Solution

Laravel log file should not be publicly available on Internet. Permissions set on this file should be reviewed and fixed

See Also

https://laravel.com/docs/master/logging

Plugin Details

Severity: Medium

ID: 98943

Type: remote

Family: Web Applications

Published: 2/24/2020

Updated: 11/26/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*

Exploit Ease: Exploits are available

Reference Information

CWE: 538

OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A1

WASC: Predictable Resource Location

CAPEC: 95

DISA STIG: APSC-DV-002480

HIPAA: 164.312(a)(1), 164.312(a)(2)(i)

ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5

NIST: sp800_53-AC-3

OWASP API: 2019-API7, 2023-API8

PCI-DSS: 3.2-2.2