Opened 4 years ago

Closed 3 years ago

#13402 closed Bug (expired)

Application Error Disclosure

Reported by: holly Owned by:
Priority: Normal Milestone:
Component: General Version:
Keywords: Cc:

Description

Details of some of our error messages are being exposed publically which could potentially allow hackers to have insight into the location of flies on our site. Has this bug been identified? (I could not find anything on the search). It seems to be most common in Chrome. Also, we are not on the most current version of CKEditor. Would upgrading resolve this issue?

Change History (4)

comment:1 Changed 4 years ago by holly

Just one other note. If it helps, we are getting ready for Salesforce Security Review and this error was identified by the Zap scanner recommended by Salesforce.

comment:2 Changed 4 years ago by Jakub Ś

Status: newpending

Details of some of our error messages are being exposed publically which could potentially allow hackers to have insight into the location of flies on our site.

Could you explain in more detail (also provide some screen-shot) what errors and details you talk about? If you mean some exception being thrown in e.g. Firebug then we don't have influence on what it shows. Code is minimized but such tool can always show path to it (especially if that file is available in browser).

comment:3 Changed 4 years ago by Wiktor Walc

First of all, please do not report security issues on the public bug tracker (if you believe you found any), use the contact form instead and provide as many details as possible regarding the issue you are trying to report.

Keep in mind that when you try out applications like CKEditor or CKFinder you should setup a local web server and access them through some domain, you should not load them directly from local file system (using file:// in the address bar) because this is not the way how the application will be used in a production environment.

Last edited 4 years ago by Wiktor Walc (previous) (diff)

comment:4 Changed 3 years ago by Jakub Ś

Resolution: expired
Status: pendingclosed
Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy