Full path disclosure
Unknown
Vulnerability Details
Mongoose. The full path of the phabricator install is shown if you go to /login/mustverify/ while being logged out. This could be seen as a server configuration issue, but I think I followed your installation guide closely.
Since I already wrote it I include a little patch, please feel free to ignore it if it's not what you need.
Actions
View on HackerOneReport Stats
- Report ID: 143575
- State: Closed
- Substate: informative
- Upvotes: 1