rspec/rules/S5689/description.adoc

Disclosure of version information, usually overlooked by developers but disclosed by default
by the systems and frameworks in use, can pose a significant security risk
depending on the production environement.

Once this information is public, attackers can use it to identify potential
security holes or vulnerabilities specific to that version.

Furthermore, if the published version information indicates the use of outdated
or unsupported software, it becomes easier for attackers to exploit known
vulnerabilities. They can search for published vulnerabilities related to that
version and launch attacks that specifically target those vulnerabilities.
Modify S5689: Clarify the rule stakes (#2911) For review, have a look to our docs: https://docs.sonarsource.com/sonarqube/9.8/extension-guide/adding-coding-rules/#coding-rule-guidelines This should not be merged by an AppSec member, because it contains message information. It should be merged by someone from SonarJS. --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> 2023-08-25 19:32:17 +02:00			`Disclosure of version information, usually overlooked by developers but disclosed by default`
			`by the systems and frameworks in use, can pose a significant security risk`
			`depending on the production environement.`

			`Once this information is public, attackers can use it to identify potential`
			`security holes or vulnerabilities specific to that version.`

			`Furthermore, if the published version information indicates the use of outdated`
			`or unsupported software, it becomes easier for attackers to exploit known`
			`vulnerabilities. They can search for published vulnerabilities related to that`
			`version and launch attacks that specifically target those vulnerabilities.`