Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      Looks like we allow anyone to browse through all documents and images that have guest VIEW permission and there doesn't seem to be any way to disable this directory indexing.

      The paths I found vulnerable are /documents/ and /image/.

      See https://www.owasp.org/index.php/File_System#Insecure_Indexing for more information of security implications.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  4 years, 36 weeks, 5 days ago