Security: Able to access to acme private key from get http API request #3651
Labels
area/acme
kind/bug/confirmed
a confirmed bug (reproducible).
priority/P1
need to be fixed in next release
status/5-frozen-due-to-age
Milestone
Do you want to request a feature or report a bug?
Bug
What did you do?
Request the API simply through dashboard URL with
/api
show me the content of the acme.json letsencrypt file (the private key)https://monitor.company.com/api
What did you expect to see?
Nothing or at least not my acme private key.
What did you see instead?
My private key
Output of
traefik version
: (What version of Traefik are you using?)What is your environment & configuration (arguments, toml, provider, platform, ...)?
The text was updated successfully, but these errors were encountered: