Closed
Bug 1819389
Opened 2 years ago
Closed 2 years ago
Improper Access to Unauthorized Endpoints [Taskcluster Dashboard]
Categories
(Websites :: Other, task)
Websites
Other
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: singhinder1208, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Hi Team,
Found two task cluster dashboards using Google Dorking.
Affected Hosts:
Open these URLs:
- https://community-tc.services.mozilla.com/auth/clients
- https://firefox-ci-tc.services.mozilla.com/auth/clients
- https://firefox-ci-tc.services.mozilla.com/provisioners
- https://community-tc.services.mozilla.com/provisioners
- https://community-tc.services.mozilla.com/provisioners/proj-taskcluster/worker-types/gw-ci-macos-10-14?sortBy=Last%20Active&sortDirection=desc
Flags: sec-bounty?
|
Reporter | |
Comment 1•2 years ago
|
||
Impact:
Can't say about the impact. Needs confirmation from the internal team.
Regards,
@encodedguy
|
||
Comment 2•2 years ago
|
||
Hello,
Thank you for your report.
Those instances are intentionally public. TaskCluster is our public CI for the open source Firefox project. These are intended to be available to our open source community.
Thanks,
Frida
|
|
||
Updated•2 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → INVALID
|
|
||
Updated•2 years ago
|
Group: websites-security
|
||
Updated•1 year ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•