Its basically if you misconfigure soemthing in your security like maybe have some encryption disabled or email verification disbaled ,services not updated etc. Also stuff like default credentials and stuff are part of this also maybe something like errot traces or stack traces so it shouldnt be throwing any errors in production that is information disclosure.Use best practices while installing stuff and dont have any unnecesssary ports open and dont ever use default credentials.