possible security issue with publicly available config directory
Closed this issue · 2 comments
hersleyhs commented
Describe the issue
There is a possible security issue with publicly available config directory. I have not investigated if more are available but at least the config directory is.
To reproduce
got to the url: https://www.w3.org/config/
Expected behavior
I would expect to not get access by either a no access allowed error or be redirected to a other page
Additional context
when you google "intitle:"index of" inurl:/config/" this site is the first result.
ChTalhaazhar commented
chaudhary Muhammad talha
…On Fri, Mar 22, 2024, 4:50 PM hersleyhs ***@***.***> wrote:
*Describe the issue*
There is a possible security issue with publicly available config
directory. I have not investigated if more are available but at least the
config directory is.
*To reproduce*
got to the url: https://www.w3.org/config/
*Expected behavior*
I would expect to not get access by either a no access allowed error or be
redirected to a other page
*Screenshots*
image.png (view on web)
<https://github.com/w3c/w3c-website/assets/70904973/dca7cf0b-6f2e-4f03-86ed-135eb00d594f>
*Additional context*
when you google "*intitle:"index of" inurl:/config/*" this site is the
first result.
—
Reply to this email directly, view it on GitHub
<#619>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BDTVVIPCDSAOJ4F2JH6IR5DYZQLJ7AVCNFSM6AAAAABFDFX2EGVHI2DSMVQWIX3LMV43ASLTON2WKOZSGIYDEMZSGAYDQMY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
gosko commented
This is not a security issue. This directory is intended to be public.