Security Test: Appspec Exposure
Description
Default Severity:
This vulnerability occurs when deployment configuration files become publicly accessible. These YAML files carry sensitive details such as deployment settings and secrets, and they are exposed whenever access to them is not properly restricted, for example when a developer leaves them in a public directory or forgets to limit access. An attacker then has a straightforward way to find and misuse details about the deployment process. The risk is significant: it can lead to unauthorized access, misconfiguration, and a deeper compromise of the system when other components rely on the exposed data.
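The defender-side check this test implies, as an added example written for this page (it is not the scanner's own code or detection logic): a pre-deploy guard that fails when an AWS CodeDeploy AppSpec file (appspec.yml or appspec.yaml, the manifest CodeDeploy reads) sits inside the directory a web server will publish, plus a small classifier that tells a served AppSpec manifest apart from a generic 404 page when verifying that a fix worked. The sample manifest and 404 body are constructed, and the key-based heuristic is an assumption of this example.

```python
"""Added example (not the scanner's code): keep CodeDeploy AppSpec files out
of the public web root, and recognise an exposed manifest in a response body."""
import os
import re
import tempfile

# File names CodeDeploy accepts for the AppSpec file.
APPSPEC_NAMES = {"appspec.yml", "appspec.yaml"}

# Heuristic (an assumption of this example): a real AppSpec manifest has
# top-level 'version' and 'os' keys plus at least one of 'files'/'hooks'.
# A generic HTML error page matches none of these, so a 200 with HTML
# is not counted as an exposure.
_KEY_RE = re.compile(r"^(version|os|files|hooks|permissions)\s*:", re.MULTILINE)


def looks_like_appspec(body: str) -> bool:
    """True when the served body reads like a CodeDeploy AppSpec manifest."""
    keys = {m.group(1) for m in _KEY_RE.finditer(body)}
    return "version" in keys and "os" in keys and bool(keys & {"files", "hooks"})


def find_exposed_appspec(web_root: str) -> list[str]:
    """Return AppSpec files (relative to web_root) that sit inside the
    directory the web server will publish. A non-empty list should fail
    the deployment step."""
    found = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower() in APPSPEC_NAMES:
                found.append(os.path.relpath(os.path.join(dirpath, name), web_root))
    return sorted(found)


# Constructed sample manifest in the AppSpec format (version/os/files/hooks).
SAMPLE_APPSPEC = """version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/html
hooks:
  AfterInstall:
    - location: scripts/install_dependencies.sh
      runas: root
"""

# Constructed body of an ordinary "not found" page.
SAMPLE_NOT_FOUND = "<html><body><h1>404 Not Found</h1></body></html>\n"


def demo() -> dict:
    """Build a throwaway web root with a stray appspec.yml and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "assets"))
        with open(os.path.join(root, "appspec.yml"), "w") as fh:
            fh.write(SAMPLE_APPSPEC)
        with open(os.path.join(root, "assets", "app.js"), "w") as fh:
            fh.write("console.log('hi');\n")
        exposed = find_exposed_appspec(root)
    return {
        "exposed": exposed,
        "served_is_appspec": looks_like_appspec(SAMPLE_APPSPEC),
        "not_found_is_appspec": looks_like_appspec(SAMPLE_NOT_FOUND),
    }


if __name__ == "__main__":
    result = demo()
    if result["exposed"]:
        print("FAIL: AppSpec file(s) inside web root:", ", ".join(result["exposed"]))
    else:
        print("OK: no AppSpec file in web root")
```

Run `find_exposed_appspec` against the build artifact before it is copied into the document root and make the pipeline step fail on a non-empty result; after adding a web server rule that denies `appspec.yml`, fetch the path from your own host and pass the body to `looks_like_appspec` to confirm the manifest is no longer served.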
Configuration
Identifier:
information_disclosure/appspec_exposure
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 2.2.5 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-123 |
| FedRAMP | AC-22 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |