Is it possible to put any further security on the /js/ folder? I am using nginx. This allows the user to view plain text versions of the files in the directory.
Matomo version: 5.1.2
MySQL version: 5.7.12
PHP version: 8.3.13
We got the following security scan report:
Category Web Application
CVE -
CVSS base score 2.1
Description Predictable Resource Location Via Forced Browsing
Host {MYIPADDRESS}
Threat -
Impact -
Solution -
PCI compliant No
PCI details -
Reason The vulnerability is not included in the NVD.
PCI severity low
Port 443 / tcp
Host name mydomain .com
Host OS -
Result
url: mydomain_com/js/
Payload: mydomain_com/js/
comment:
Original URL is: mydomain_com/
matched: HTTP/1.1 200 OK
CVSS Base Score 2.1 - AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Score 1.7 - E:U/RL:W/RC:C
Severity 2
Category Web Application
CVE ID
Vendor Reference
Bugtraq ID
Date Updated Apr 6, 2024
Threat A file, directory, or directory listing was discovered on the Web server. These resources are confirmed to be present based on our logic. Some of the content on these files might have sensitive information.
NOTE: Links found in 150004 are found by forced crawling so will not automatically be added to 150009 Links Crawled or the application site map. If links found in 150004 need to be tested they must be added as Explicit URI so they are included in scope and then will be reported in 150009. Once the link is added to be in scope (i.e. Explicit URI) this same link will no longer be reported for 150004.
Impact The contents of this file or directory may disclose sensitive information.
Solution It is advised to review the contents of the disclosed files. If the contents contain sensitive information, please verify that access to this file or directory is permitted. If necessary, remove it or apply access controls to it.