w3c / w3c-website

W3C Website feedback and bug reports
https://www.w3.org/

possible security issue with publicly available config directory #619

Closed hersleyhs closed 3 months ago

hersleyhs commented 6 months ago

Describe the issue There is a possible security issue with a publicly available config directory. I have not investigated if more are available, but at least the config directory is.

To reproduce Go to the URL: https://www.w3.org/config/

Expected behavior I would expect not to get access, either through a no-access-allowed error or by being redirected to another page.

Additional context When you google "intitle:"index of" inurl:/config/", this site is the first result.

ChTalhaazhar commented 6 months ago

chaudhary Muhammad talha

On Fri, Mar 22, 2024, 4:50 PM hersleyhs @.***> wrote:

Describe the issue There is a possible security issue with a publicly available config directory. I have not investigated if more are available, but at least the config directory is.

To reproduce Go to the URL: https://www.w3.org/config/

Expected behavior I would expect not to get access, either through a no-access-allowed error or by being redirected to another page.

Additional context When you google "intitle:"index of" inurl:/config/", this site is the first result.

gosko commented 3 months ago

This is not a security issue. This directory is intended to be public.