Hi,
I'm a security researcher and am doing some study of public Docker images. I found some misconfigurations in this image of yours that may expose some risky data at runtime. The exposures I found include:
git:
/extensions/Kartographer/gitinfo.json
/extensions/Math/gitinfo.json
/extensions/Kartographer/.gitignore
/extensions/Kartographer/vendor/justinrainbow/json-schema/.gitattributes
/extensions/Math/.gitignore
phpunit:
/extensions/Kartographer/tests/phpunit/*
vendor:
/extensions/Kartographer/vendor/*
.sql:
/extensions/Math/db/*.sql
Here are some references about these exposures:
https://iosentrix.com/blog/git-source-code-disclosure-vulnerability/
https://stackoverflow.com/questions/11078572/should-i-use-phpunit-in-a-staging-production-environment
bolt/bolt#375
wp-cli/doctor-command#98
If you want, I can also help fix them. Please let me know what you think. Thanks!
Best,
~cf
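As an added example (not part of the original report and not the project's own code), the sketch below walks a web root and flags files in the four categories the report lists, so a maintainer can check an image before publishing it. The function names, the pattern set derived from the reported paths, and the sample file names are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# Categories and patterns derived from the paths listed in the report.
# Patterns are matched against the path relative to the web root ("/...").
RULES = {
    "git": ["*/gitinfo.json", "*/.gitignore", "*/.gitattributes"],
    "phpunit": ["*/tests/phpunit/*"],
    "vendor": ["*/vendor/*"],
    ".sql": ["*.sql"],
}

def audit_webroot(root):
    """Return {category: sorted list of web-relative paths} for flagged files."""
    findings = {name: [] for name in RULES}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            for name, patterns in RULES.items():
                # fnmatchcase: "*" also spans "/" and matching is case-sensitive.
                if any(fnmatch.fnmatchcase(rel, p) for p in patterns):
                    findings[name].append(rel)
    return {name: sorted(paths) for name, paths in findings.items()}

def build_sample_tree(root):
    """Create a constructed sample layout; file names are illustrative only."""
    sample = [
        "extensions/Math/gitinfo.json",
        "extensions/Math/.gitignore",
        "extensions/Math/db/example.sql",
        "extensions/Kartographer/tests/phpunit/ExampleTest.php",
        "extensions/Kartographer/vendor/justinrainbow/json-schema/.gitattributes",
        "extensions/Math/extension.json",  # ordinary file, should not be flagged
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def demo():
    """Run the audit over the constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_webroot(tmp)

if __name__ == "__main__":
    for category, paths in demo().items():
        for p in paths:
            print(f"{category}: {p}")
```

Point `audit_webroot` at the directory the web server actually serves; each reported file is a candidate for removal from the image or for a deny rule in the server configuration.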