Harsh Joshi reported that our server configuration set logging and error reporting levels that were too verbose, which disclosed the full path of the executing code where exceptions were thrown. This revealed where the executing code is located and how it is executed, information that may be used for more directed attacks. We have therefore changed the configuration to stricter error reporting.
This issue only affected the website.
We would like to thank Harsh Joshi for using responsible disclosure and making The Things Network a safer place.
Posted Oct 31, 2019 - 11:20 CET
This incident affected: Global Services (Website (www.thethingsnetwork.org)).