Title: Users can read sensitive information · Issue #568 · rabbitstack/fibratus · GitHub
Open Graph Title: Users can read sensitive information · Issue #568 · rabbitstack/fibratus
X Title: Users can read sensitive information · Issue #568 · rabbitstack/fibratus
Description: Problem Normal (low privileged) users can read: Config/fibratus.yml Logs/fibratus.txt A local attacker is able to gain access to potentially sensitive information (confidentiality). Solution Remove read permissions for users (non-admins)...
Open Graph Description: Problem Normal (low privileged) users can read: Config/fibratus.yml Logs/fibratus.txt A local attacker is able to gain access to potentially sensitive information (confidentiality). Solution Remove...
X Description: Problem Normal (low privileged) users can read: Config/fibratus.yml Logs/fibratus.txt A local attacker is able to gain access to potentially sensitive information (confidentiality). Solution Remove...
Opengraph URL: https://github.com/rabbitstack/fibratus/issues/568
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Users can read sensitive information","articleBody":"**Problem**\n\nNormal (low privileged) users can read: \n* Config/fibratus.yml\n* Logs/fibratus.txt\n\n\u003cimg width=\"615\" height=\"455\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/c2901ade-0906-4bdb-a462-009955844fc6\" /\u003e\n\n\u003cimg width=\"689\" height=\"450\" alt=\"Image\" src=\"https://github.com/user-attachments/assets/06a94f34-994c-4525-8633-c6c1bd8aaeaa\" /\u003e\n\nA local attacker is able to gain access to potentially sensitive information (confidentiality). \n\n**Solution**\n\nRemove read permissions for users (non-admins) for the mentioned files.\n\n\n**Additional context**\n\nWhile not necessarily a security vulnerability, it is best practice to not give the attacker access to EDR logs\n. E.g. Defender will only show alert summaries in its UI, but need admin to look at the details. Defender Log files are not readable (`C:\\ProgramData\\Microsoft\\Windows Defender\\Support`).\n\nNote that Defender Windows Events are also user-readable for some reason (`Application and Service Logs/Microsoft/Windows/Windows Defender/operational`). So placing fibratus events in `Windows Logs/Application` is okish. ","author":{"url":"https://github.com/dobin","@type":"Person","name":"dobin"},"datePublished":"2026-01-23T15:38:43.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/568/fibratus/issues/568"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:b26640bc-2c6c-076a-d238-19f293e67475 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | C132:2CE60F:19D78DF:2383D5B:6A4C0A9D |
| html-safe-nonce | 023df548d2f4086e711b38a9c58c108b3e7d87e6fd73e5c978ced9df7addd038 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDMTMyOjJDRTYwRjoxOUQ3OERGOjIzODNENUI6NkE0QzBBOUQiLCJ2aXNpdG9yX2lkIjoiNDczNzI5MDYzNzk3NTIyNzAzNyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 1670d05ddadfb23ff9316808319f47de3b2e1532616c3a4752b6ec45eb0e9c8e |
| hovercard-subject-tag | issue:3847993701 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/rabbitstack/fibratus/568/issue_layout |
| twitter:image | https://opengraph.githubassets.com/4f0ce77deb47c972221ea0a18caab8ea49dcb63e2301ff2fb6a123c4271f054a/rabbitstack/fibratus/issues/568 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/4f0ce77deb47c972221ea0a18caab8ea49dcb63e2301ff2fb6a123c4271f054a/rabbitstack/fibratus/issues/568 |
| og:image:alt | Problem Normal (low privileged) users can read: Config/fibratus.yml Logs/fibratus.txt A local attacker is able to gain access to potentially sensitive information (confidentiality). Solution Remove... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | dobin |
| hostname | github.com |
| expected-hostname | github.com |
| None | 940b0dbb4d0fe72558ee760b2ff0f25a504383fdfe404f3a7691ec853b8dc17f |
| turbo-cache-control | no-preview |
| go-import | github.com/rabbitstack/fibratus git https://github.com/rabbitstack/fibratus.git |
| octolytics-dimension-user_id | 11174375 |
| octolytics-dimension-user_login | rabbitstack |
| octolytics-dimension-repository_id | 54714794 |
| octolytics-dimension-repository_nwo | rabbitstack/fibratus |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 54714794 |
| octolytics-dimension-repository_network_root_nwo | rabbitstack/fibratus |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | b0267d17ea43e55446153a7e2c60bb6ac3cffd6b |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width