Unreferenced Source Code Disclosure

Description

Unreferenced Source Code Disclosure is a vulnerability that occurs when a backup file or source code file of an application is accessible to users, potentially revealing sensitive information such as credentials, API keys, or proprietary algorithms. This exposure can happen due to misconfigurations or vulnerabilities in the web server or application.

Recommendation

To mitigate Unreferenced Source Code Disclosure, remove the file or limit access to it.

References

• CWE-200
• CWE-540
• OWASP 2021-A5
• OWASP: Source Code Disclosure