Reposting here after mistakenly posting in the wrong forum: https://community.zextras.com/forum/postid/9914
Present in Carbonio 24.12. First reported 3 months ago without feedback: https://community.zextras.com/forum/general-info/jetty-directory-listing-open/
Can someone please check this? This issue means that anyone can grab all these files from anywhere in the world. Every installation of Carbonio could have been compromised with internal credentials being available in plain text to anyone.
This bug leaks LDAP passwords and SSL private key, nginx configuration and pretty much everything else in /opt/zextras/conf.
Hi,
This post would clarify all of your doubts and understanding of the issue.
https://community.zextras.com/forum/postid/9927/
Regards,