Bostr Improper Authorization vulnerability
Moderate severity • GitHub Reviewed • Published Aug 1, 2024 in Yonle/bostr • Updated Aug 2, 2024
Impact
Even when authorized_keys is filled with allowed pubkeys, if noscraper is enabled, anyone can use the bouncer even if their pubkey is not in authorized_keys.
Patches
Available on version 3.0.10
Workarounds
Disable noscraper if you have authorized_keys set in config.
References
This line of code is the cause.
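The interaction described under Impact can be modelled as a small decision function and checked across every combination of the two settings. This is an added example, not bostr's source code: the function names and pubkey values are constructed, and it assumes that noscraper means "require the client to authenticate".

```javascript
// Simplified model of the access decision. NOT bostr's source code.
// authorized_keys and noscraper are the config keys named in the advisory;
// every function name and pubkey below is constructed for illustration.
// Assumption: noscraper means "the client must authenticate first".

// Flawed shape: noscraper is handled as its own gate, so any client that
// authenticated passes and the allowlist is never consulted.
function isAllowedFlawed(config, authedPubkey) {
  if (config.noscraper) return authedPubkey !== null;
  if (config.authorized_keys.length > 0) {
    return config.authorized_keys.includes(authedPubkey);
  }
  return true;
}

// Corrected shape: the allowlist is checked independently of noscraper.
// noscraper can only add a requirement, never remove one.
function isAllowedFixed(config, authedPubkey) {
  const allowlist = config.authorized_keys ?? [];
  if (allowlist.length > 0 && !allowlist.includes(authedPubkey)) return false;
  if (config.noscraper && authedPubkey === null) return false;
  return true;
}

// Evaluate a decision function over all config/client combinations.
function decisionMatrix(decide) {
  const ALLOWED = "a".repeat(64); // constructed pubkey, present in allowlist
  const OTHER = "b".repeat(64);   // constructed pubkey, absent from allowlist
  const clients = [["none", null], ["allowed", ALLOWED], ["other", OTHER]];
  const rows = [];
  for (const noscraper of [false, true]) {
    for (const keys of [[], [ALLOWED]]) {
      for (const [client, pubkey] of clients) {
        const allowed = decide({ noscraper, authorized_keys: keys }, pubkey);
        rows.push({ noscraper, allowlist: keys.length > 0, client, allowed });
      }
    }
  }
  return rows;
}

// Rows where an allowlist is configured but a non-listed client is admitted.
function allowlistBypasses(decide) {
  return decisionMatrix(decide).filter(
    (r) => r.allowlist && r.client !== "allowed" && r.allowed
  );
}

console.log("flawed:", allowlistBypasses(isAllowedFlawed));
console.log("fixed: ", allowlistBypasses(isAllowedFixed));
```

The same matrix works as a regression test for any service that combines an allowlist with a separate "authentication required" switch.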