SYM_GO_0023 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Information Through Directory Listing
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-548: Exposure of Information Through Directory Listing |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Using http.FileServer as a handler in Go exposes directory contents to anyone with access to the server. This allows users to browse all files in the served directory, which may unintentionally reveal sensitive files.
Impact
If exploited, attackers can view or download files not meant for public access, such as configuration files, credentials, or source code. This can lead to data leaks, information disclosure, and further attacks against your system.
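The `http.FileServer` pattern described above, next to one possible mitigation, as an added example that is not part of this wiki or the rule's own code. The wrapper name `noListFS`, the helper `get`, the temporary web root and the file `config.yaml.bak` are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"net/http"
	"net/http/httptest"
	"os"
	"path"
	"path/filepath"
)

// noListFS (hypothetical name) wraps an http.FileSystem and reports a directory
// as missing unless it holds an index.html, so no listing is ever generated.
type noListFS struct{ inner http.FileSystem }

func (n noListFS) Open(name string) (http.File, error) {
	f, err := n.inner.Open(name)
	if err != nil {
		return nil, err
	}
	if st, err := f.Stat(); err != nil || st.IsDir() { // Stat failure fails closed
		idx, err := n.inner.Open(path.Join(name, "index.html"))
		if err != nil {
			f.Close()
			return nil, fs.ErrNotExist // http.FileServer answers 404
		}
		idx.Close()
	}
	return f, nil
}

// get sends one in-process GET to h and returns the status code and body.
func get(h http.Handler, target string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code, rec.Body.String()
}

func main() {
	root, _ := os.MkdirTemp("", "webroot") // constructed web root
	defer os.RemoveAll(root)
	os.WriteFile(filepath.Join(root, "config.yaml.bak"), []byte("constructed"), 0o600)
	plain, _ := get(http.FileServer(http.Dir(root)), "/")             // flagged pattern
	wrapped, _ := get(http.FileServer(noListFS{http.Dir(root)}), "/") // listing disabled
	fmt.Println("plain:", plain, "wrapped:", wrapped)
}
```

The wrapper only removes the generated index. Any file left under the served root is still returned when requested by its exact path, so non-public files need to live outside that directory.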