Affects Version/s: 7.0.X, 7.1.X, Master
Steps to reproduce:
- Log in as Admin
- Create a new site (eg: Test)
- After you click Save, Documents and Media section will apear in the bottom of settings
- Check tooltip for Enable Directory Indexing
Based on this message, you would understand that only site admins can browse the DL files and folders. However, when directory indexing is enabled, document libraries are browsable through the URL not only for site admins but for anyone according to the default Document Library permissions. This is a security risk as per OWASP: https://www.owasp.org/index.php/File_System#Insecure_Indexing
It may be considered changing the tooltip message to reflect this risk.