Security Warning: Directory Listing Enabled on https://community.kde.org
Hack4 Good
hackgood345 at gmail.com
Wed Jun 25 14:50:10 BST 2025
*Severity: High*
*Website:* <https://community.kde.org>https://community.kde.org
*Affected POC:* https://community.kde.org/images/
*Description:*
Directory listing is enabled on your server, exposing files and folders
that should remain hidden. This can leak sensitive data, scripts, or
configuration files, providing attackers valuable information for further
exploits.
*Suggested Fix:*
Disable directory listing in your web server configuration (e.g.,
Apache’s Options
-Indexes). Regularly audit directories to ensure sensitive files are
protected.
*White Hat Note:*
We share these insights to enhance your site’s security. Notify us after
resolution so we can retest. We appreciate your proactive security efforts
and look forward to your bounty program.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-www/attachments/20250625/5df3ec22/attachment.htm>
More information about the kde-www
mailing list