Unix Path Disclosure

Description

File and directory paths reveal information about the structure of the file system of the underlying OS. This information does not create any direct impact on the target, though it provides valuable information attackers can use in their attack.

Recommendation

If it’s not displayed intentionally, fix the reason causing the disclosure and make sure the path is not revealed due to errors and misconfigurations.

References

• CWE-200
• OWASP 2007-A6
• OWASP 2021-A1