v4.4.24
Security Fix
- fix: block agent from self-scanning its own server public IP on any port
The scope guard only blocked the server's public IP when the probed port matched the dashboard listener port. The agent could self-scan SSH (:22), Grafana (:9999), CUPS (:631), and other services on its own host during target enumeration.
Fix
ipsMatchLocalInterface now runs unconditionally — any IP matching a local network interface is blocked regardless of port.
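The difference between the two guard behaviours, as an added example (not the project's own code). The names `localIPs`, `matchesLocal`, `blockedOld` and `blockedFixed`, the dashboard port 8080 and the address 203.0.113.10 are assumptions made for illustration; only ports 22, 9999 and 631 come from the note above.

```go
package main

import (
	"fmt"
	"net"
)

// localIPs lists the addresses bound to this host's interfaces; a real
// guard would feed these to the check (hypothetical helper).
func localIPs() []net.IP {
	var ips []net.IP
	addrs, _ := net.InterfaceAddrs() // production code should fail closed on error
	for _, a := range addrs {
		if n, ok := a.(*net.IPNet); ok {
			ips = append(ips, n.IP)
		}
	}
	return ips
}

// matchesLocal reports whether target equals any local address.
// net.IP.Equal treats 203.0.113.10 and ::ffff:203.0.113.10 as the same host.
func matchesLocal(target net.IP, local []net.IP) bool {
	for _, ip := range local {
		if ip.Equal(target) {
			return true
		}
	}
	return false
}

// blockedOld models the pre-fix guard: the local check only applied when
// the probed port was the dashboard listener port.
func blockedOld(target net.IP, port, dashboardPort int, local []net.IP) bool {
	return port == dashboardPort && matchesLocal(target, local)
}

// blockedFixed models the fixed guard: the port plays no part.
func blockedFixed(target net.IP, _ int, local []net.IP) bool {
	return matchesLocal(target, local)
}

func main() {
	local := append(localIPs(), net.ParseIP("203.0.113.10")) // constructed public IP
	self, dash := net.ParseIP("203.0.113.10"), 8080           // 8080 is an assumed dashboard port
	for _, p := range []int{dash, 22, 9999, 631} {
		fmt.Printf("port %-5d old=%-5v fixed=%v\n", p, blockedOld(self, p, dash, local), blockedFixed(self, p, local))
	}
}
```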
Tests
4 new regression tests added for self-host public IP blocking on non-dashboard ports.