Hello there,
Is there any update on this?

On Fri, 7 Aug 2020, 12:30 am Parshwa Bhavsar, <parshwabhavsar2...@gmail.com> wrote:
> Hello There,
> I am Parshwa Bhavsar.
> I have found a Vulnerability called "Sensitive Information Disclosure".
>
> Report :-
>
> Description :-
>
> A malicious user can have access to some admin data through this
> vulnerability.
> This vulnerability is also called "Directory Listening".
>
> Vulnerable URL :-
>
> http://ftp.debian.org/debian/pool/main/n/nautilus-admin/
>
> Steps to reproduce :-
>
> Open the vulnerable URL in your browser, you will notice that some of the
> admin files have been publicly accessed.
>
> PoC :-
> Attached ScreenShot.
>
> Impact :-
>
> A malicious user will use this information to plan furthermore attacks.
> It also refers to data leak to the non-authorized party.
>
> Mitigation:-
>
> Restrict non-authorized users to access this file.
>
> Hope, You will patch it soon :)
>
> Thanks & Regards,
> Parshwa Bhavsar