TDengine Vulnerability identified in TDengine - information disclosure from pprof

Vulnerability identified in TDengine - information disclosure from pprof

Open zzzzhhhhuuuu opened this issue 10 months ago • 4 comments

Uploadin
Snipaste_2024-04-10_15-23-17
g image.png…

Apr 10 '24 07:04 zzzzhhhhuuuu

风险描述为：【Go语言的 net/http/pprof 包如未配置正确暴露在公网容易引起敏感信息泄漏问题，导致源码等信息泄漏。】推荐解决方案：【参考官方规范禁止将调试信息暴露在公网】没搞懂啥意思

Apr 10 '24 07:04 zzzzhhhhuuuu

被扫描到的是6041端口

Apr 11 '24 02:04 zzzzhhhhuuuu

我们看下，请等待答复

Apr 12 '24 05:04 yu285

@zzzzhhhhuuuu 在配置文件 /etc/taos/taosadapter.toml 中修改 debug = false 将关闭 pprof

Apr 12 '24 07:04 huskar-t