quickFix: invalid config in "Feat(nginx): Add support for IPv6" #12916
Merged
This reverts commit e9d9872.
This pull request introduces two security vulnerabilities in the Nginx configuration: it removes HTTPS redirection, potentially exposing unencrypted traffic, and eliminates the
Insecure Communication (Missing HTTPS Redirection) in
| Vulnerability | Insecure Communication (Missing HTTPS Redirection) |
|---|---|
| Description | The `return 301 https://$host:8443$request_uri;` directive, which previously enforced HTTP to HTTPS redirection for traffic on port 8080, has been removed from the `nginx_TLS.conf` file. This allows unencrypted HTTP communication to the server, potentially exposing sensitive data to eavesdropping or man-in-the-middle attacks. |

django-DefectDojo/nginx/nginx_TLS.conf, lines 20 to 25 in 0466075
Host Header Injection / Misconfiguration in nginx/nginx_TLS.conf
| Vulnerability | Host Header Injection / Misconfiguration |
|---|---|
| Description | The removal of the `server_name` directive from the SSL server block on port 8443 in `nginx_TLS.conf` causes this server block to become the default server for any request to that IP address and port that does not match another specific `server_name`. This is a misconfiguration that can lead to Host Header Injection if the backend application relies on the Host header for security-sensitive operations (e.g., generating URLs for password resets, redirects, or session management). It could also lead to requests intended for other virtual hosts being incorrectly routed to this one, potentially bypassing security controls tied to specific `server_name` directives. |

django-DefectDojo/nginx/nginx_TLS.conf, lines 32 to 37 in 0466075
All finding details can be found in the DryRun Security Dashboard.
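As an added example (not the project's nginx_TLS.conf and not part of the bot's report), a small Python audit that applies the two checks described above to constructed nginx configs: one mirroring the reverted state (no HTTP-to-HTTPS redirect, no `server_name`) and one with both directives restored. The hostname, upstream name and certificate path are assumptions.

```python
import re

# Constructed sample configs for this example; not the repository's nginx_TLS.conf.
BROKEN_CONF = """
server {
    listen 8080;
    listen [::]:8080;
    location / { proxy_pass http://uwsgi_server; }
}
server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    location / { proxy_pass http://uwsgi_server; }
}
"""

FIXED_CONF = """
server {
    listen 8080;
    listen [::]:8080;
    server_name example.com;   # hostname is an assumption
    return 301 https://$host:8443$request_uri;
}
server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    location / { proxy_pass http://uwsgi_server; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking nested braces."""
    for m in re.finditer(r"server\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return findings for the two misconfigurations: plain-HTTP listeners without
    a 301-to-https redirect, and server blocks with no server_name (default server)."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.M)
        plain = [l for l in listens if "ssl" not in l.split()]
        if plain and not re.search(r"^\s*return\s+301\s+https://", body, re.M):
            findings.append(f"missing HTTPS redirect on {', '.join(plain)}")
        if not re.search(r"^\s*server_name\s+[^;]+;", body, re.M):
            findings.append(f"no server_name on {', '.join(listens)} (becomes default server)")
    return findings
```

Running `audit(BROKEN_CONF)` reports three findings (the missing redirect on the 8080 listeners and a missing `server_name` on both blocks); `audit(FIXED_CONF)` reports none.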
valentijnscholten approved these changes, Aug 5, 2025
dogboat approved these changes, Aug 5, 2025
Maffooch approved these changes, Aug 7, 2025