Security Warning: Directory Listing Enabled on https://community.kde.org
Nicolás Alvarez
nicolas.alvarez at gmail.com
Thu Jun 26 19:23:15 BST 2025
On Thu, 26 Jun 2025 at 5:44 a.m., Hack4 Good
(hackgood345 at gmail.com) wrote:
>
> Severity: High
>
> Website: https://community.kde.org
> Affected POC: https://community.kde.org/images/
>
> Description:
> Directory listing is enabled on your server, exposing files and folders that should remain hidden. This can leak sensitive data, scripts, or configuration files, providing attackers valuable information for further exploits.
>
> Suggested Fix:
> Disable directory listing in your web server configuration (e.g., Apache’s Options -Indexes). Regularly audit directories to ensure sensitive files are protected.
>
> White Hat Note:
> We share these insights to enhance your site’s security. Notify us after resolution so we can retest. We appreciate your proactive security efforts and look forward to your bounty program.
Explain why this is a security problem, and especially why it would be
"severity: high". Does that folder have sensitive data, scripts or
configuration files?
--
Nicolás
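
An added example, not part of the original thread: one way to answer the question in the reply above is to sort the entries of an auto-generated index page by file type and see whether anything other than static media is listed. The listing HTML and the suffix rules below are constructed assumptions, not data from community.kde.org.

```python
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import unquote

# Constructed sample of an Apache-style autoindex page (not from any real server).
SAMPLE_LISTING = """<html><body><h1>Index of /images</h1><pre>
<a href="?C=N;O=D">Name</a>
<a href="/">Parent Directory</a>
<a href="a/">a/</a>
<a href="logo.png">logo.png</a>
<a href="diagram.svg">diagram.svg</a>
<a href="settings.php.bak">settings.php.bak</a>
<a href=".htpasswd">.htpasswd</a>
</pre></body></html>"""

# Assumed triage rules; adjust them to the site's own policy.
SENSITIVE_SUFFIXES = {".bak", ".old", ".sql", ".env", ".conf", ".ini", ".key", ".pem", ".log"}
SCRIPT_SUFFIXES = {".php", ".cgi", ".pl", ".py", ".sh"}
SENSITIVE_NAMES = {".htpasswd", ".htaccess", ".env"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the index page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def triage_listing(html):
    """Group listed entries into sensitive, script, directory and static."""
    parser = LinkCollector()
    parser.feed(html)
    report = {"sensitive": [], "script": [], "directory": [], "static": []}
    for href in parser.hrefs:
        if href.startswith(("?", "/", "../")) or "://" in href:
            continue  # column-sort links, parent directory, external links
        if href.endswith("/"):
            report["directory"].append(href)  # needs its own listing check
            continue
        name = PurePosixPath(unquote(href)).name
        suffixes = {s.lower() for s in PurePosixPath(name).suffixes}
        if name.lower() in SENSITIVE_NAMES or suffixes & SENSITIVE_SUFFIXES:
            report["sensitive"].append(name)  # checked first: x.php.bak is a backup
        elif suffixes & SCRIPT_SUFFIXES:
            report["script"].append(name)
        else:
            report["static"].append(name)
    return report
```

A listing whose `sensitive` and `script` groups are empty at every directory level exposes only files that are already meant to be served publicly.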
More information about the kde-www mailing list