[Freedombox-discuss] Security/privacy issue for users of Tor onion service or Pagekite
pere at hungry.com
Tue Aug 25 07:25:41 BST 2020
> An issue has been found in FreedomBox that allows anonymous and
> unauthorized users to access private and potentially security relevant
> information. The information is shown on an Apache Server Status page
> and includes the IP address and URL request path for clients accessing
> pages on the server.
Ouch, that was nasty. Anyone could via pagekite look at some of the
valid URLs visited on my Freedombox. Luckily all of them require
authentication, and the only IP address exposed is on the private
(192.168/16) net inside my house.
Is there a CVE assigned to this issue?
More information about the Freedombox-discuss