Critical vulnerability in frontend #158
M03ED
announced in
Announcements
Replies: 1 comment
I want to be clear: this bug was caused by a decision I made. I had an ofetch middleware that attached a JWT token when sending requests to the donation site. We didn't have logging in place at the time, so there's nothing to prove it technically. That said, I fully take responsibility for it; this is based on my direct knowledge of the code, not speculation. As a final word: we care about privacy, and if we see a single vulnerability we fix it as soon as we find it.
0 replies
In the past hour, we found a security issue in the panel frontend that sends JWT tokens to https://donate.pasarguard.org unnecessarily. There is nothing to worry about, since none of that data has been captured by the server, but if you want to be sure and safe, reset the admin passwords. Make sure to update your panel to avoid any risk.
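The bug described in this announcement and in the comment above is a request hook that attaches the admin JWT to every outgoing request, so a fetch to the donation site carries it too. The following is an added example, not PasarGuard's code: it models the shape of an ofetch `onRequest` hook, `({ request, options }) => void`, without importing ofetch, and puts the leaky hook next to a hardened one that attaches the token only when the resolved destination origin is the panel's own origin. The panel origin, the header handling, the sample request list and the token value are constructed assumptions for illustration.

```javascript
// Added example (not PasarGuard's code). PANEL_ORIGIN, the sample requests and
// SAMPLE_TOKEN are constructed; DONATE_URL is the host named in the announcement.
const PANEL_ORIGIN = "https://panel.example.test"; // assumed panel origin
const DONATE_URL = "https://donate.pasarguard.org"; // named in the announcement

// Vulnerable hook: attaches the admin JWT to every request regardless of host.
// This is the pattern the announcement describes: any fetch made through the
// same client, including one to the donation site, carries the token.
function vulnerableOnRequest({ request, options }, token) {
  options.headers = { ...(options.headers || {}), Authorization: `Bearer ${token}` };
}

// Hardened hook: resolve the request URL against the panel origin and attach
// the token only when the destination origin is exactly the panel. Absolute
// URLs, protocol-relative URLs ("//host/...") and look-alike hosts
// ("panel.example.test.evil.example") all fail the strict origin comparison.
function hardenedOnRequest({ request, options }, token, allowedOrigin = PANEL_ORIGIN) {
  let target;
  try {
    target = new URL(String(request), allowedOrigin + "/");
  } catch (e) {
    return; // unparsable destination: never attach a credential on a guess
  }
  if (target.origin !== allowedOrigin) return; // cross-origin: no token
  options.headers = { ...(options.headers || {}), Authorization: `Bearer ${token}` };
}

// Run a hook over a list of destinations (no real network calls) and return
// the origins that would have received the bearer token.
function tokenDestinations(hook, requests, token) {
  const received = [];
  for (const request of requests) {
    const ctx = { request, options: { headers: {} } };
    hook(ctx, token);
    if (ctx.options.headers.Authorization === `Bearer ${token}`) {
      received.push(new URL(String(request), PANEL_ORIGIN + "/").origin);
    }
  }
  return received;
}

// Constructed sample: one legitimate panel API call and three cross-origin ones.
const SAMPLE_REQUESTS = [
  "/api/admins",
  `${DONATE_URL}/api/stats`,
  "//donate.pasarguard.org/api/stats",
  "https://panel.example.test.evil.example/api/admins",
];
const SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.e30.constructed"; // constructed, not a real JWT

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable hook sent the token to:", tokenDestinations(vulnerableOnRequest, SAMPLE_REQUESTS, SAMPLE_TOKEN));
  console.log("hardened hook sent the token to:  ", tokenDestinations(hardenedOnRequest, SAMPLE_REQUESTS, SAMPLE_TOKEN));
}
```

The check compares `URL.origin`, not a hostname prefix or a substring, which is what makes the protocol-relative and look-alike cases fail closed. After applying a fix like this, rotating the admin credentials (as the announcement recommends) is still the right call, because the hardened hook only prevents future leaks; it cannot invalidate tokens that were already sent.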