w3c/w3c-website

possible security issue with publicly available config directory

Closed this issue · 2 comments

Describe the issue
There is a possible security issue with publicly available config directory. I have not investigated if more are available but at least the config directory is.

To reproduce
got to the url: https://www.w3.org/config/

Expected behavior
I would expect to not get access by either a no access allowed error or be redirected to a other page

Screenshots
image

Additional context
when you google "intitle:"index of" inurl:/config/" this site is the first result.

This is not a security issue. This directory is intended to be public.