云
5h ago

Is this a CVE?

hi, i have a question about reporting a vuln. basically i found a vuln that gives the attacker root access, however it requires some misconfigured proxy or just SSRF with POST. should i just report it? does this count as a CVE? ig i'll just follow the instructions on their security page? (this is a git repo) haven't done this before so any advice is welcome
11 Replies
云 OP 4h ago
i verified that it works
w33t 4h ago
Yes, if it's a configuration that could be justifiably expected in the wild, I'd call it a CVE. @WanderingPacket might be a gooder resource idk
云 OP 4h ago
can i talk about the specifics here?
w33t 4h ago
Yeah, that's fine, it's for legitimate purposes and you're reporting it. But if it's a widespread thing that likely would cause a problem if it was more widely known, I might suggest against it
comptia guninvalid+ certified
if you want
云 OP 4h ago
it has 30k+ stars on github. basically it's a web ui AIO for home servers
w33t 4h ago
Ahhh so likely not publicly available
云 OP 4h ago
it would be expected to have reverse proxies
w33t 4h ago
If you wanna DM it to me, I'll check it out on Shodan and Censys
云 OP 4h ago
ok i'll dm you 😭 wait, can you even find my DM?
SkyTrashPanda 4h ago
I’m around if you’d like me to take a look as well. Even in a sea of messages, I’m sure he can find it in his inbox lol