Laravel Log File Detected

medium Web App Scanning Plugin ID 98943

Synopsis

Laravel Log File Detected

Description

Laravel log file /storage/logs/laravel.log has been detected on the target web application.

This file may contain sensitive information about application and server configuration (debug and stack trace) and could help an attacker conduct further attacks.

Solution

Laravel log file should not be publicly available on Internet. Permissions set on this file should be reviewed and fixed

See Also

https://laravel.com/docs/master/logging

Plugin Details

Severity: Medium

ID: 98943

Type: remote

Published: 2/24/2020

Updated: 11/26/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*

Exploit Ease: Exploits are available

Reference Information