NetBSD Problem Report #57549
From www@netbsd.org Sat Jul 29 04:10:12 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B84E01A9238
for <gnats-bugs@gnats.NetBSD.org>; Sat, 29 Jul 2023 04:10:12 +0000 (UTC)
Message-Id: <20230729041011.5CD431A923A@mollari.NetBSD.org>
Date: Sat, 29 Jul 2023 04:10:11 +0000 (UTC)
From: darksal3h@gmail.com
Reply-To: darksal3h@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Leaking sensitive file
X-Send-Pr-Version: www-1.0
>Number: 57549
>Category: install
>Synopsis: Leaking sensitive file
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: install-manager
>State: closed
>Class: doc-bug
>Submitter-Id: net
>Arrival-Date: Sat Jul 29 04:15:00 +0000 2023
>Closed-Date: Sat Jul 29 14:11:25 +0000 2023
>Last-Modified: Sat Jul 29 14:11:25 +0000 2023
>Originator: saleh
>Release: in the main website
>Organization:
darsek
>Environment:
in the webapp
>Description:
The above website is leaking information such as password, desklablkey, and many many other sensitive file
>How-To-Repeat:
go to https://www.netbsd.org/~kamil/cgd/
>Fix:
Filter the input user
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: jakllsch@NetBSD.org
State-Changed-When: Sat, 29 Jul 2023 14:11:25 +0000
State-Changed-Why:
not a problem, not a bug
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.