Information Disclosure: Appspec Exposure

Identifier: appspec_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This vulnerability occurs when critical configuration files become publicly accessible. Sensitive information such as deployment settings and secrets can be exposed unintentionally if these AppSpec YAML files aren't properly restricted. Developers might leave the files in public directories or forget to limit access to them, which gives attackers a straightforward way to find and misuse details about the deployment process. The risk is significant because it can lead to unauthorized access, misconfigurations, and a deeper compromise of the system if other components rely on the exposed data.
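The following is an added example, not the scanner's own code, of how a defender can verify that a deployment does not serve an AppSpec file from its web root. The candidate paths, the set of top-level AppSpec keys and the sample responses are assumptions constructed for the example; the request function is injected so the check runs offline, and in real use it would be replaced by an HTTP GET against a host you operate. The content heuristic matters because a web server that answers 200 with an HTML "not found" page (a soft 404) must not be reported as an exposure.

```python
"""Check whether a web root publicly serves an AppSpec YAML file.

Added example, not part of the scanner's code. `fetch` is injected so the
check runs offline against constructed responses; pass a real HTTP client
(returning (status_code, body)) to test a deployment you own.
"""
import re
from typing import Callable, Dict, List, Tuple

# Paths a deployment commonly leaves behind (assumption for this example).
CANDIDATE_PATHS = ["/appspec.yml", "/appspec.yaml"]

# Top-level keys that identify an AppSpec document (assumed set).
APPSPEC_KEYS = {"version", "os", "files", "hooks", "permissions", "resources"}

# Unindented `key:` at the start of a line, i.e. a YAML top-level mapping key.
_TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:", re.M)


def top_level_keys(body: str) -> List[str]:
    """Return the unindented 'key:' names found in a YAML-like body."""
    return _TOP_LEVEL_KEY.findall(body)


def looks_like_appspec(body: str) -> bool:
    """Heuristic: a 'version' key plus at least one more AppSpec key means the
    body is an AppSpec document rather than an HTML error page."""
    keys = set(top_level_keys(body))
    return "version" in keys and len(keys & APPSPEC_KEYS) >= 2


def find_exposed_appspec(fetch: Callable[[str], Tuple[int, str]]) -> List[str]:
    """Return candidate paths that answer 200 with AppSpec-looking content.

    A 200 alone is not enough: many servers return 200 for unknown paths
    with an HTML page, so the body is inspected before reporting."""
    exposed = []
    for path in CANDIDATE_PATHS:
        status, body = fetch(path)
        if status == 200 and looks_like_appspec(body):
            exposed.append(path)
    return exposed


# Constructed sample responses standing in for a real web server:
# the first is a leaked AppSpec file, the second a soft-404 HTML page.
SAMPLE_RESPONSES: Dict[str, Tuple[int, str]] = {
    "/appspec.yml": (
        200,
        "version: 0.0\n"
        "os: linux\n"
        "files:\n"
        "  - source: /\n"
        "    destination: /var/www\n"
        "hooks:\n"
        "  AfterInstall:\n"
        "    - location: scripts/install.sh\n",
    ),
    "/appspec.yaml": (200, "<html><body><h1>Not Found</h1></body></html>"),
}


def fake_fetch(path: str) -> Tuple[int, str]:
    """Offline stand-in for an HTTP GET (constructed data)."""
    return SAMPLE_RESPONSES.get(path, (404, ""))


if __name__ == "__main__":
    # Prints ['/appspec.yml']: only the real AppSpec body is reported.
    print(find_exposed_appspec(fake_fetch))
```

If the check reports a path, the fix is on the server side: keep AppSpec files out of the served document root, or deny access to them in the web server configuration, and rotate any secrets the file contained.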

Configuration

Example

Example configuration:

---
security_tests:
  appspec_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.