/data directory is exposed #3516

New Issue

MrUnknownDE · 2026-04-06T04:56:47+02:00

MrUnknownDE commented

2026-04-06 04:56:47 +02:00

Originally created by @carlchan on 3/6/2019

Looks like the default rocket config exposes the /data directory, allowing download of the db.sqlite3 password database. While everything in it is encrypted, that doesn't seem like a good idea.

reproduce via going directly to
https://bitwarden_rs.domain/data/db.sqlite3

*Originally created by @carlchan on 3/6/2019* Looks like the default rocket config exposes the /data directory, allowing download of the db.sqlite3 password database. While everything in it is encrypted, that doesn't seem like a good idea. reproduce via going directly to https://bitwarden_rs.domain/data/db.sqlite3

MrUnknownDE closed this issue

2026-04-06 04:56:47 +02:00

Sign in to join this conversation.

No Label troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting troubleshooting

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#3516