
For review, have a look at our docs: https://docs.sonarsource.com/sonarqube/9.8/extension-guide/adding-coding-rules/#coding-rule-guidelines

This should not be merged by an AppSec member, because it contains message information. It should be merged by someone from SonarJS.

---------

Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
13 lines
657 B
Plaintext
Disclosure of version information, usually overlooked by developers but disclosed by default
by the systems and frameworks in use, can pose a significant security risk
depending on the production environment.

Once this information is public, attackers can use it to identify potential
security holes or vulnerabilities specific to that version.

Furthermore, if the published version information indicates the use of outdated
or unsupported software, it becomes easier for attackers to exploit known
vulnerabilities. They can search for published vulnerabilities related to that
version and launch attacks that specifically target those vulnerabilities.
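As an added illustration (not part of the rule description or of SonarSource's code), the following JavaScript audits a set of HTTP response headers for the product and version banners that systems and frameworks emit by default. Treating response headers as the disclosure channel, the header list, the regular expression and the name `findVersionDisclosure` are all assumptions made for this example.

```javascript
// Headers that often carry product banners by default (assumed list for this example).
const BANNER_HEADERS = new Set([
  "server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version", "x-generator",
]);

// Optional product name, then a dotted version: "nginx/1.18.0", "OpenSSL/1.1.1d", "4.0.30319".
const VERSION_RE = /(?:([A-Za-z][\w.+-]*)[\/ ])?v?(\d+(?:\.\d+)+[A-Za-z0-9-]*)/g;

// Returns one finding per disclosed product/version token in the given response headers.
function findVersionDisclosure(headers) {
  const findings = [];
  for (const [name, raw] of Object.entries(headers)) {
    const header = name.toLowerCase();
    if (!BANNER_HEADERS.has(header)) continue;
    for (const value of Array.isArray(raw) ? raw : [raw]) {
      const text = String(value);
      const matches = [...text.matchAll(VERSION_RE)];
      if (matches.length === 0) {
        // A product name without a version still narrows down the stack.
        findings.push({ header, product: text, version: null, severity: "low" });
      }
      for (const m of matches) {
        findings.push({ header, product: m[1] || null, version: m[2], severity: "medium" });
      }
    }
  }
  return findings;
}

// Constructed sample response headers, not captured from a real system.
const SAMPLE_HEADERS = {
  "Content-Type": "text/html; charset=utf-8",
  "Server": "Apache/2.4.41 (Unix) OpenSSL/1.1.1d",
  "X-Powered-By": "Express",
  "X-AspNet-Version": "4.0.30319",
};

for (const f of findVersionDisclosure(SAMPLE_HEADERS)) {
  console.log(`${f.severity}: ${f.header} discloses ${f.product ?? "?"} ${f.version ?? "(no version)"}`);
}
```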