Information Security
lohatnikov, 2021-05-08 17:04:03

Is the presence of a file with a description of the internal api in the public domain a vulnerability?

Is a publicly available swagger.json a vulnerability?
After all, it makes it much easier for an attacker to understand your application. If this is the API of some kind of personal account area, does it make sense to give its contents only to authorized clients?

True, an attacker can simply register on the site and receive the data in the same way.

I just recently saw a project where the site responds at the /api endpoint with the complete API schema. And since I'm a backend developer, not a frontend one, I don't quite understand why the frontend needs this file, especially in a production environment. I thought it was only worth keeping for development. There is no need to show it to the whole world if you have a closed internal API.

Am I right or not? Is this a potential vulnerability, even one point out of 10? What do you think?
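One way to implement the gating the question describes (serve the schema only in development, or only to authenticated clients), as an added example that is not part of the original post. The spec contents, the bearer token and the in-process WSGI call are all constructed for illustration; a real application would check its own session store.

```python
import json
import secrets
from typing import Callable, Iterable, Optional, Tuple

# Constructed stand-in for the real swagger.json (not from the original post).
OPENAPI_SPEC = {
    "openapi": "3.0.0",
    "info": {"title": "Example internal API", "version": "1.0"},
    "paths": {"/account": {"get": {"summary": "Account details"}}},
}

# Hypothetical session token; a real app would consult its session store instead.
VALID_TOKENS = {"session-token-example"}

def is_authorized(environ: dict) -> bool:
    """Accept 'Authorization: Bearer <token>' for a known token, compared in constant time."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return any(secrets.compare_digest(token, known) for known in VALID_TOKENS)

def spec_app(environ: dict, start_response: Callable, expose_spec: bool = False) -> Iterable[bytes]:
    """WSGI app: /swagger.json is served only in development (expose_spec) or to authorized callers."""
    def not_found() -> Iterable[bytes]:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    if environ.get("PATH_INFO") != "/swagger.json":
        return not_found()
    if not expose_spec and not is_authorized(environ):
        # Same answer as for an unknown route, so anonymous callers cannot confirm the spec exists.
        return not_found()
    start_response("200 OK", [("Content-Type", "application/json"), ("Cache-Control", "no-store")])
    return [json.dumps(OPENAPI_SPEC).encode()]

def call(path: str, token: Optional[str] = None, expose_spec: bool = False) -> Tuple[str, bytes]:
    """Invoke the app in-process with a constructed WSGI environ; returns (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if token is not None:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    captured = {}
    body = b"".join(spec_app(environ, lambda s, h: captured.setdefault("status", s), expose_spec))
    return captured["status"], body

if __name__ == "__main__":
    print(call("/swagger.json"))                                 # production, anonymous: 404
    print(call("/swagger.json", token="session-token-example"))  # logged-in client: 200
    print(call("/swagger.json", expose_spec=True))               # development build: 200
```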

1 answer(s)
nApoBo3, 2021-05-08
@lohatnikov

This is not a vulnerability. In order to understand what is a vulnerability and what is not, you need a threat model.
