Closed turtledude01 closed 7 years ago
Anything that routes through Cloudflare could have possibly leaked data via third partys that caused the leak to occur.
Id love to see proof of this because nothing I have found officially states this.
Because Cloudflare operates a large, shared infrastructure an HTTP request to a Cloudflare web site that was vulnerable to this problem could reveal information about an unrelated other Cloudflare site.
Here's the official blog post, the quote can be found near the end of the post.
Search for External impact and cache clearing
Ive already read that one, doesn't prove anything
The whole blog post goes into detail explaining why, and what exactly happened. It's been published by Cloudflare themselves. Personally i'd say this is proof enough, especially if potentially confidential data was leaked.
Now show me proof that every site listed in this repo was affected.
The key words are could have
and possibly
.
Every website routed through Cloudflare's CDN solutions had a slim chance of leaking data via other, unrelated websites where the bug occured - as long as it happened on the same proxy node.
Even sites cloudflare has manually emailed saying they're not affected are not "proven" to be unaffected: https://github.com/pirate/sites-using-cloudflare/issues/87#issuecomment-282372235
If I use FULL ssl encryption from end to end is it possible that my websites 'were' affected? I have read in many places that it is only the Flexible SSL that was affected, is this true?