Jetty server creden...
 
Notifications
Clear all

Jetty server credentials leak bug

2 Posts
2 Users
0 Reactions
51 Views
(@danijel-tudek)
New Member
Joined: 1 year ago
Posts: 9
Topic starter  

Reposting here after mistakenly posting in the wrong forum: https://community.zextras.com/forum/postid/9914

Posted by: @danijel-tudek

Present in Carbonio 24.12. First reported 3 months ago without feedback: https://community.zextras.com/forum/general-info/jetty-directory-listing-open/

Can someone please check this? This issue means that anyone can grab all these files from anywhere in the world. Every installation of Carbonio could have been compromised with internal credentials being available in plain text to anyone.

This bug leaks LDAP passwords and SSL private key, nginx configuration and pretty much everything else in /opt/zextras/conf.


   
Quote
(@sharif)
Estimable Member Admin
Joined: 3 years ago
Posts: 637
 

@danijel-tudek

Hi,

This post would clarify all of your doubts and understanding of the issue.

https://community.zextras.com/forum/postid/9927/

Regards,

 


   
ReplyQuote