#Information Disclosure - "root files exposed to the public"

[Steiner-254]

Name: Information Disclosure - "root files exposed to the public"
Date (14th/Aug/2022)
Impact (High)

~ Hello, your web application leaks root files to the public.

#Steps To Reproduce
~ Browse through the following endpoint:

https://root.cern/root/files/

#Proof Of Concept

#Impact
~ This endpoint should not be publicly accessible since it leads to sensitive information disclosure which is deadly.

[couet]

Which "sensitive information" information are you talking about ? As far I as know the files there are public, nothing sensitive there.