Closed
Bug 1113207
Opened 10 years ago
Closed 9 years ago
Sensitive Files Exposed via Directory Listing
Categories
(Socorro :: General, task)
Socorro
General
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: upgoingstaar, Unassigned)
Details
Attachments
(3 files)
dr1.PNG
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Steps to reproduce: Browse to https://crash-stats-prod.zlb.phx.mozilla.net/. Actual results: This shows a complete directory listing of crash reports, .sh files, internal test files, etc. Expected results: I am not sure if this is intentionally made public or not. In case this was intentionaly public, obviously not a bug. Otherwise should be patched on immediate basis, as information being disclosed sounds a bit critical. Thank you.
|
Reporter | |
Comment 1•10 years ago
|
||
|
|
Reporter | |
Comment 2•10 years ago
|
||
|
||
Comment 3•10 years ago
|
||
Crash stats are publicly available here; I guess nothing is sensitive. https://crash-stats.mozilla.com/home/products/Firefox
Component: Other → General
Product: Websites → Socorro
Version: Production → unspecified
|
||
Comment 4•10 years ago
|
||
This is exposing only public data (and some scripts to run reports on that public data as well as the resulting reports), and its normal URL is actually https://crash-analysis.mozilla.com/
|
|
Reporter | |
Comment 5•10 years ago
|
||
Okay. Great then.:)
|
||
Comment 6•10 years ago
|
||
So can this be closed as INVALID? Or what needs to be done here?
|
|
||
Comment 7•9 years ago
|
||
Closing as WFM as I don't see anything sensitive.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•