JetBrains .idea Project Directory Detected

Severity: Medium

Invicti detected JetBrains .idea project directory.

The .idea directory contains a set of configuration files (.xml) for your project. These configuration files contain information core to the project itself, such as names and locations of its component modules, compiler settings, etc. If you've defined a data source the file dataSources.ids contains information for connecting to the database and credentials. The workspace.xml file stores personal settings such as placement and positions of your windows, your VCS and History settings, and other data pertaining to the development environment. It also contains a list of changed files and other sensitive information. These files should not be present on a production system.


.idea project directory contains sensitive information about the project. This information might help an attacker to compromise the system.


Remove these files from production systems or restrict access to the .idea directory. To deny access to all the .idea folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):

Order allow,deny
Deny from all
Further Reading#

Search Vulnerability

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works