[tor-bugs] #22947 [Webpages/Blog]: Possible Security Issue (Information Disclosure) with Drupal on blog.torproject.org
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 16 06:27:03 UTC 2017
#22947: Possible Security Issue (Information Disclosure) with Drupal on
blog.torproject.org
-------------------------------+----------------------
Reporter: cypherpunks | Owner: hiro
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Webpages/Blog | Version:
Severity: Normal | Keywords: security
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------+----------------------
When loading https://blog.torproject.org/blog/tor-0312-alpha-out-notes-
about-0311-alpha, a Drupal warning appeared at the top of the page that
looked something like:
Warning: Drupal mkdir() failed directory already exists, etc. etc.
Encountered around 06:00-06:10 UTC. I apologize for the vague wording, but
I was an idiot and forgot to take a screenshot. The error appeared after
the tab was reloaded from a previous Firefox session, and disappeared
after I refreshed the page. The warning message contained directory/path
names that appeared at least slightly sensitive. I don't think that
displaying server-side error messages to a client is intended behavior,
either...
Apologies if this is the wrong channel for reporting this. I looked for an
email address for security issues, but the Contact page says to "email the
respective maintainer" (???). I'm not familiar with who maintains the
blog, and it doesn't seem very high-risk or reproducible, so I'll leave a
comment on the blog directing someone here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22947>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list