docker-bookstack

About security issues

Open RichardMinm opened this issue 1 year ago • 4 comments

I noticed that after starting the container, the version number of PHP is not hidden, and the version number of Apache can also be found, which will lead to the leakage of sensitive information and cause security problems.

RichardMinm, Oct 12 '22 09:10

Where exactly do you see the version numbers? And, as far as I know, the web server version is not really sensitive information, and there are many ways to get at least the Apache version. Why are you concerned about that?

HJF9w, Oct 12 '22 11:10

If you use the Wappalyzer plugin for the Chrome browser, you should be able to easily get the version information of some middleware on the BookStack site (I just confirmed it again, it seems that the Apache version number is hidden, but the PHP version number is still exposed. Yes, it may be 8.1.6). As for why I am very sensitive to leaking version information, you can easily find the relevant vulnerabilities of the middleware through the version number of the middleware and launch an attack, and hiding the version number can delay the attack as much as possible. Maybe I'm too sensitive, but I think this should be fixed.

RichardMinm, Oct 13 '22 03:10

Well yes and no, wait until you find out that nmap can sometimes pretty accurately guess which OS you're running. Jokes aside, sure, knowing what you are running makes a possible attack easier, but instead of hiding you should rather actually fix bugs and vulnerabilities. I am not a dev on this project, just following to stay up to date with the applications I am using, so you will have to wait for someone who knows what he is doing to get actual help ^^

HJF9w, Oct 13 '22 08:10

From my experience, most web-based containers are served via some level of proxy such as nginx. As a suggestion, if you are using such a proxy, you could remove such headers at that level.

> you can easily find the relevant vulnerabilities of the middleware through the version number of the middleware and launch an attack, and hiding the version number can delay the attack as much as possible.

Also from experience, bad actors will attempt attacks regardless. Sure, it could help against some specific types of attack (where targeted and resources are required) but it's getting in the area of unlikelihoods and diminishing returns.

ssddanbrown, Oct 13 '22 16:10
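The proxy-level approach suggested in the last comment could look like the nginx fragment below. This is an added example, not part of the thread or of the docker-bookstack project; the hostname, the upstream address, and the assumption that the PHP version reaches the client in an `X-Powered-By` response header are all assumptions.

```nginx
# Added example: reverse proxy in front of a BookStack container.
# bookstack.example.com and 127.0.0.1:8080 are placeholders (assumed values).
# TLS configuration is omitted to keep the fragment short.
server {
    listen 80;
    server_name bookstack.example.com;

    # Send "Server: nginx" without nginx's own version number,
    # and drop the version from nginx-generated error pages.
    server_tokens off;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # Forward the original request context to the application.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Strip the header PHP adds when expose_php is on
        # (assumed here to be the source of the "PHP/8.1.6" disclosure).
        proxy_hide_header X-Powered-By;

        # No rule is needed for the upstream Apache "Server" header:
        # nginx does not pass the proxied "Server" header to clients
        # by default and sends its own instead.
    }
}

# Equivalent settings inside the container, if it is exposed without a proxy:
#   php.ini:      expose_php = Off
#   Apache conf:  ServerTokens Prod
#                 ServerSignature Off
```

After reloading nginx, `curl -sI http://bookstack.example.com/` should show `Server: nginx` with no version and no `X-Powered-By` line. This only removes the banner, so keeping the image's PHP and Apache patched remains the actual fix, as noted earlier in the thread.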