[SECURITY] Possible Security Vuln

NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface

https://nginxproxymanager.com

MIT License

21.04k stars 2.44k forks source link

[SECURITY] Possible Security Vuln #3712

Open OmarLopez18 opened 3 months ago

OmarLopez18 commented 3 months ago

Describe the bug A connection from the NGNIX service attempt to gain access to my personal computer files, Bitdefender block it. A security vulnerability must exist. This has never happened before.

Nginx Proxy Manager Image Tag github-dependabot-npm_and_yarn-docs-tar-6-2-1

Expected behavior It should NOT try to access my stuff.

Screenshots

Operating System Truenas Scale

Additional context DNS request from NGINX

www.cloudflare.com
ip-ranges.amazonaws.com

OmarLopez18 commented 3 months ago

Will try to isolate the docker container and monitor the connections attempts made from it.

OmarLopez18 commented 3 months ago

@IgorDuino you think this may have to do with the vulnerability you found a couple of weeks ago?

IgorDuino commented 3 months ago

I'm not entirely sure. It would be helpful if you could provide logs so we can investigate further. We can discuss this incident on LinkedIn or Telegram if you prefer.