Fix security issues - Githubissues

kiwix / metrics

Kiwix & openZIM software developement monitoring

https://metrics.kiwix.org

GNU General Public License v3.0

5 stars 3 forks source link

Fix security issues #75

Open kelson42 opened 1 year ago

kelson42 commented 1 year ago

[critical] Remote code execution on metrics.kiwix.org: metrics.kiwix.org hosts a vulnerable Kibana instance which may lead to full website compromise. Suggested Fix: Upgrade “Kibana” software to mitigate this vulnerability
[medium] open redirect on metrics.kiwix.org: metrics.kiwix.org does not properly check the request and may redirect legitimate users to phishing or malicious websites with a URL like https://metrics.kiwix.org//evil.com/*

kelson42 commented 1 year ago

@rohitmishra666 Honestly this is a pretty big and complicated job. I you are somekind of senior or/and know the platform used there, glat do get your help, otherwise I would not recommend to put your nose in this ;)