Description

The web application exposes Delve Debugger port. It's not recommended to have Delve service publicly accessible as the debugger has full access to the Go app and an attacker may be able to execute arbitrary code.

Remediation

Disable Debugger or restrict access to it

References

Delve

Related Vulnerabilities

WordPress Plugin SP Project & Document Manager Multiple Vulnerabilities (2.5.9.7)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32731)

XML external entity injection (variant)

Unrestricted access to Haproxy Data Plane API

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration