Information Exposure Through Directory Listing

Disclosed: 2018-05-17 09:04:38 By mobius07 To nextcloud

None

Vulnerability Details

Hello. I found open directories on the site https://apps.nextcloud.com, which can be viewed by any unauthorized user. There is an error at https://apps.nextcloud.com/static/. F212856 All directories and files in them, starting with `/static/` can be viewed or downloaded with all the content. Perhaps there is some kind of confidential information. Decision: Disable directory browsing. If this is required, make sure the listed files does not induce risks. Thank you

Actions

View on HackerOne

Report Stats

Report ID: 260221
State: Closed
Substate: informative
Upvotes: 4

Information Exposure Through Directory Listing

Vulnerability Details

Actions

Report Stats

Share this report