Access deny to "https://ipaddr:8006/pve2/js/pmgmanagerlib.js"

[ethiohab]

Dear all,
This page ("https://ipaddr:8006/pve2/js/pmgmanagerlib.js") contains a java script file licking information about the super users and Roles of users of the Proxmox mail gateway is accessible from outside . This information can be used to launch further attacks against the Proxmox mail gateway.
Please help me, to Deny access to this page (https://ipaddr:8006/pve2/js/pmgmanagerlib.js). Thank you.

 

[dietmar]

This is no information leak! This information does not allow any attacks against the Proxmox mail gateway.

 

[ethiohab]

Dear all,
This page ("https://ipaddr:8006/pve2/js/pmgmanagerlib.js") contains a java script file licking information about the super users and Roles of users of the Proxmox mail gateway is accessible from outside . This information can be used to launch further attacks against the Proxmox mail gateway.
Please help me, to Deny access to this page (https://ipaddr:8006/pve2/js/pmgmanagerlib.js). Thank you.

 

[ethiohab]

Dear Dietmar,
Users and role of users information should not be accessible to public (non authorized users). Because, this information can be used to launch further attacks.

 

[dcsapak]

Users and role of users information should not be accessible to public (non authorized users). Because, this information can be used to launch further attacks.

the software is open source and the roles are fixed, what is the security issue here?

edit: here is the relevant source:

https://git.proxmox.com/?p=pmg-gui....ae9e4202ec7208c9b9d6;hb=refs/heads/master#l42

 

[ethiohab]

Thank you all.