HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kiyell

no profile record

Submissions

The Harmless Pi-Hole Bug

kiyell.com
56 points·by kiyell·2 lata temu·41 comments

comments

kiyell
·2 lata temu·discuss
OP here, it's been interesting seeing people's view of this. I wanted to clarify two things.

The bug here is that unauthenticated users can change a setting that only an administrator should be able to. The maintainers acknowledged the bug and accepted a patch to fix it.

Is changing the temperature unit shown on a dashboard a serious problem? No. But it is a problem and one that could be classified as a security issue.

What's the point of the CVE assignment? Well it creates a public record of this flaw and helps Pi-hole administrators make their own decisions (patch / ignore). It also puts the issue in the hands of other security researchers. For example, is there a possibility of using this vulnerability to conduct a DoS attack? I didn't test this and have moved on to other things but others can.