Open conf-test opened 3 years ago
Thanks for the notifications. I don't use the project anymore, it's an old record. But really thanks for the problem.
I will fix it later.
From: conf-test @.> Sent: May 4, 2021 6:09 To: lf1707/drupal-work @.> Cc: Subscribed @.***> Subject: [lf1707/drupal-work] Risky data exposure (#1)
Hi,
I'm a security researcher and am doing some study of public docker images. I found some misconfigurations in your docker image lf1707/drupal-u1804-apache2-9 that may expose some sensitive data. I want to report these potential issues to you so you can fix them if necessary.
The data exposure I found includes:
The exposure is risky because
Would it be better to block these accesses in your docker image? If you want, I can also help fix them by creating pull requests on your git repo. Please let me know what you think. Thanks!
Best Regards,
Hi,
I'm a security researcher and am doing some study of public docker images. I found some misconfigurations in your docker image lf1707/drupal-u1804-apache2-9 that may expose some sensitive data. I want to report these potential issues to you so you can fix them if necessary.
The data exposure I found includes:
The exposure is risky because
- phpunit.xml is for unit testing. You should not leave them on a live production server. (ref)
- composer/installed.json exposes config info (ref)
Would it be better to block these accesses in your docker image? If you want, I can also help fix them by creating pull requests on your git repo. Please let me know what you think. Thanks!
Best Regards,
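A build-time check for the two files named in the report, as an added example that is not part of the original issue or the project's code. The function names `find_exposed` and `build_sample_docroot` and the sample directory layout are assumptions made for illustration; pass the image's real web root as the first argument to check it.

```python
"""Added example: fail a build when the web root ships files named in the report."""
import os
import sys
import tempfile

# Path suffixes taken from the report; matched against the path relative to the web root.
RISKY_SUFFIXES = ("phpunit.xml", "composer/installed.json")


def find_exposed(docroot):
    """Return sorted URL paths under docroot that end with a risky suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            # Compare whole path components so "notes-phpunit.xml" does not match.
            if any(rel == s or rel.endswith("/" + s) for s in RISKY_SUFFIXES):
                hits.append("/" + rel)
    return sorted(hits)


def build_sample_docroot(base):
    """Create a constructed (not real) directory layout for the demonstration."""
    layout = [
        "index.php",
        "core/phpunit.xml",
        "vendor/composer/installed.json",
        "sites/default/notes-phpunit.xml",
    ]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return base


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = find_exposed(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            found = find_exposed(build_sample_docroot(tmp))
    for url_path in found:
        print("served if not blocked:", url_path)
    # Non-zero exit lets an image build or CI step stop on a finding.
    sys.exit(1 if found else 0)
```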