Hi Security Team,

I hope you are doing well. I have found that the cygcheck log file was exposed to the public on your web server. It includes all full paths and files. I think this information should not be publicly accessible.

Steps To Reproduce
1. Go to https://sourceware.org/legacy-ml/cygwin/2017-02/msg00013/cygcheck.log
2. See the data.

Mitigation
Just set the permissions on this file so that it can't be accessed by the public, or delete the file if it is not used in production.

Impact
This may allow an attacker to exploit further.

Best Regards,
Bytehx.
normal