Summary
There was an arbitrary file read vulnerability in https://github.com/GoogleCloudPlatform/hpc-toolkit/raw/main/community/front-end/ofe/website/nginx.conf.
This vulnerability allowed the download of the source code and the SQLite database running the Open Front End.
Impact
An attacker can exfiltrate files from the web server. Leaking the secret token was not yet possible, because the .secret_key file resides two directory levels above and could not be reached through the path traversal.