quickFix: invalid config in "Feat(nginx): Add support for IPv6" #12916

Merged
Maffooch merged 1 commit into DefectDojo:bugfix from kiblik:revert_12710 on Aug 7, 2025

Conversation

@kiblik kiblik commented Aug 4, 2025
Contributor

This reverts commit e9d9872.

@kiblik kiblik changed the title from fix: invalid config in "Feat(nginx): Add support for IPv6" to quickFix: invalid config in "Feat(nginx): Add support for IPv6" on Aug 4, 2025
dryrunsecurity Bot commented Aug 4, 2025

DryRun Security

This pull request introduces two security vulnerabilities in the Nginx configuration: it removes HTTPS redirection, potentially exposing unencrypted traffic, and eliminates the server_name directive, which could enable host header injection and improper request routing.

Insecure Communication (Missing HTTPS Redirection) in nginx/nginx_TLS.conf
Vulnerability Insecure Communication (Missing HTTPS Redirection)
Description The return 301 https://$host:8443$request_uri; directive, which previously enforced HTTP to HTTPS redirection for traffic on port 8080, has been removed from the nginx_TLS.conf file. This allows unencrypted HTTP communication to the server, potentially exposing sensitive data to eavesdropping or man-in-the-middle attacks.

}
server {
    listen 8080;
    location / {
        return 301 https://$host:8443$request_uri;
    }

Host Header Injection / Misconfiguration in nginx/nginx_TLS.conf
Vulnerability Host Header Injection / Misconfiguration
Description The removal of the server_name directive from the SSL server block on port 8443 in nginx_TLS.conf causes this server block to become the default server for any request to that IP address and port that does not match another specific server_name. This is a misconfiguration that can lead to Host Header Injection if the backend application relies on the Host header for security-sensitive operations (e.g., generating URLs for password resets, redirects, or session management). It could also lead to requests intended for other virtual hosts being incorrectly routed to this one, potentially bypassing security controls tied to specific server_name directives.

server {
    server_tokens off;
    listen 8443 ssl;
    server_name your.servername.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;


All finding details can be found in the DryRun Security Dashboard.
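The two findings above turn on how nginx picks a server block and how the plain-HTTP listener hands traffic to TLS. As an added example, not DefectDojo's nginx_TLS.conf and not part of the DryRun report, the configuration below shows the weak shape the bot describes (no redirect on 8080, a TLS block on 8443 with no server_name, which therefore silently becomes the default server) in comments, followed by a hardened shape with an explicit catch-all default_server. The ports, certificate paths and the placeholder your.servername.com are taken from the quoted snippets; the IPv6 listen lines and the upstream address 127.0.0.1:8081 are assumptions for illustration only.

```nginx
# Added example, not the project's own configuration.

# --- Weak shape (as described by the finding), shown for contrast only -------
# server {
#     listen 8080;
#     location / { proxy_pass http://127.0.0.1:8081; }   # no redirect to TLS
# }
# server {
#     listen 8443 ssl;                 # no server_name: first block on 8443, so
#     ssl_certificate     /etc/nginx/ssl/nginx.crt;    # it is the implicit default
#     ssl_certificate_key /etc/nginx/ssl/nginx.key;    # for any Host header
#     location / { proxy_pass http://127.0.0.1:8081; }
# }

# --- Hardened shape ---------------------------------------------------------

# Explicit catch-all. Any Host header that matches no server_name below lands
# here and never reaches the application; 444 closes the connection without a
# response. Only one default_server is allowed per address:port, so it lives
# here and nowhere else.
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;          # IPv6 listener (assumed)
    listen 8443 ssl default_server;
    listen [::]:8443 ssl default_server;      # IPv6 listener (assumed)
    ssl_certificate     /etc/nginx/ssl/nginx.crt;   # a certificate is still
    ssl_certificate_key /etc/nginx/ssl/nginx.key;   # required to accept TLS
    server_name _;
    return 444;
}

# Plain HTTP: its only job is to send the client to TLS. Redirecting to the
# configured name rather than $host keeps the request's Host header out of the
# Location header.
server {
    listen 8080;
    listen [::]:8080;                         # IPv6 listener (assumed)
    server_name your.servername.com;
    return 301 https://your.servername.com:8443$request_uri;
}

# TLS front end for the application, bound to an explicit server_name.
server {
    server_tokens off;
    listen 8443 ssl;
    listen [::]:8443 ssl;                     # IPv6 listener (assumed)
    server_name your.servername.com;
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    location / {
        proxy_pass http://127.0.0.1:8081;     # hypothetical upstream
        # $host is safe to forward from this block: a Host header that matches
        # nothing is handled by the catch-all above, not here.
        proxy_set_header Host $host;
    }
}
```

Run nginx -t (or nginx -t -c path/to/file) before reloading: it catches syntax errors and, for instance, a second default_server declared on the same address:port. On nginx 1.19.4 or later the certificate lines in the catch-all can be replaced by ssl_reject_handshake on;, which refuses the TLS handshake for unmatched names instead of completing it. On Linux, listen [::]:port binds IPv6 only by default, so the separate IPv4 listen lines remain necessary.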

@mtesauro mtesauro left a comment
Contributor

Approved

@valentijnscholten valentijnscholten added this to the 2.49.1 milestone Aug 5, 2025
@Maffooch Maffooch merged commit 84d149e into DefectDojo:bugfix Aug 7, 2025
85 checks passed
@kiblik kiblik deleted the revert_12710 branch August 7, 2025 06:20

5 participants