id: sftp-deployment-config info: name: Atom SFTP Configuration File - Detect author: geeknik severity: high description: | Atom SFTP deployment configuration file was detected. File contains server details and credentials. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 reference: - https://atom.io/packages/sftp-deployment metadata: verified: true github-query: filename:deployment-config.json sftp tags: sftp,atom,config,exposure requests: - method: GET path: - "{{BaseURL}}/deployment-config.json" matchers-condition: and matchers: - type: word words: - '"host":' - '"username":' - '"password":' - '"remotePath":' condition: and - type: status status: - 200 # Enhanced by cs on 2023/03/02