[CVE-2019-12105] Unauthenticated user can read log files or restart a service #1245
Luan Souza (email@example.com) wrote in email:
Supervisor requires that a configuration file be created before
Our packages only provide a command,
I do not think this should have been a CVE. The ability to run an open server will not be removed because users often use it for local development. However, an additional warning message was added to the documentation.
Note: Supervisor is re-packaged for various distributions. Those packages are created by others who are not involved with the Supervisor project. Those packages may contain changes such as code modifications, init scripts, or included configuration files. We have no way to know what all the various third party packages do with regards to this issue, and only they can change their packages.
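A defensive check for the configuration this thread is about, as an added example that is not part of the issue or of the Supervisor project's code: it parses the text of a `supervisord.conf` and flags an `[inet_http_server]` section that has no `username`/`password` or is not bound to an explicit loopback address. The section and option names are Supervisor's; the function name, finding labels and sample configs are constructed for illustration, and a `port` value without an explicit loopback host is treated conservatively as exposed.

```python
import configparser

# Hosts accepted as "local only". Anything else, including an omitted host,
# is reported so a human can confirm the effective bind address (assumption:
# conservative by design, this does not replicate Supervisor's own defaults).
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

def audit_supervisor_config(text):
    """Return a list of finding labels for the [inet_http_server] section."""
    parser = configparser.RawConfigParser(
        strict=False, inline_comment_prefixes=(";",)
    )
    parser.read_string(text)
    if not parser.has_section("inet_http_server"):
        return []  # no TCP HTTP listener configured at all

    section = parser["inet_http_server"]
    port = section.get("port", "").strip()
    host = port.rsplit(":", 1)[0].lower() if ":" in port else ""
    username = section.get("username", "").strip()
    password = section.get("password", "").strip()

    findings = []
    if not (username and password):
        findings.append("no-auth")
    if host not in LOOPBACK_HOSTS:
        findings.append("not-explicitly-loopback")
    return findings

# Constructed sample configs (not taken from any real package).
OPEN_CONFIG = """\
[inet_http_server]
port = *:9001
"""

HARDENED_CONFIG = """\
[inet_http_server]
port = 127.0.0.1:9001   ; local development only
username = devuser
password = constructed-placeholder
"""

UNIX_ONLY_CONFIG = """\
[unix_http_server]
file = /tmp/supervisor.sock
"""

if __name__ == "__main__":
    for name in ("OPEN_CONFIG", "HARDENED_CONFIG", "UNIX_ONLY_CONFIG"):
        print(name, audit_supervisor_config(globals()[name]))
```

Running the same function over the configuration file shipped by a third-party package shows whether that package enables an open server by default.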