Security Warning: Directory Listing Enabled on https://techbase.kde.org
Sentinel Cypher
sentinelcypher6 at gmail.com
Sun Jul 6 11:26:45 BST 2025
Hi Team,
I wanted to follow up on the vulnerability I submitted. I took care to
follow responsible disclosure practices and ensure the report was clear and
actionable.
If your team offers any form of reward or appreciation for valid reports,
I’d be grateful to be considered. These gestures really encourage continued
ethical research and collaboration.
Thanks again for your time.
Best Regards.
On Tue, Jul 1, 2025 at 3:30 PM Sentinel Cypher <sentinelcypher6 at gmail.com>
wrote:
> *Severity: High*
>
> *Website:* <https://techbase.kde.org>https://techbase.kde.org
> *Affected POC:* https://techbase.kde.org/images/
>
> *Description:*
> Directory listing is enabled on your server, exposing files and folders
> that should remain hidden. This can leak sensitive data, scripts, or
> configuration files, providing attackers valuable information for further
> exploits.
>
> *Suggested Fix:*
> Disable directory listing in your web server configuration (e.g., Apache’s Options
> -Indexes). Regularly audit directories to ensure sensitive files are
> protected.
>
> *White Hat Note:*
> We share these insights to enhance your site’s security. Notify us after
> resolution so we can retest. We appreciate your proactive security efforts
> and look forward to your bounty program.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-www/attachments/20250706/21c3abae/attachment.htm>
More information about the kde-www
mailing list