Sensitive Endpoint Disclosure

Hi all,
Currently I am facing one issue related to security, described below.
When we remove everything from the URL and fire a direct request to the "/api/user/v1/" endpoint,
we get the following JSON data, which discloses sensitive endpoints existing on the API:
{
  "users": "http://localhost:18000/user_api/v1/users/",
  "user_prefs": "http://localhost:18000/user_api/v1/user_prefs/"
}

I just want to know why this API shows this response, and where the view for this API URL is, so I can know the exact reason behind it.
I want to throw a 403 for this API response, as I want to authenticate the API.
So please guide me on what I can do. Thanks in advance :slightly_smiling_face:

Hmm, why do you think those are sensitive? For example, I can learn many endpoints by checking the browser developer console and seeing the URL of each request. And assuming we hide it behind auth, those endpoints would be known if someone is authenticated and checks their dev console.

Also, many endpoints would be known by just going to https://courses.edx.org/api-docs/ , or just by reading the source code.

Similar to @ghassan, I don’t think this is a security concern, additionally because the code is open source.

I think this is probably coming from the default functionality of WebTransaction/Function/rest_framework.routers:APIRootView.get.

@ghassan @robrap thanks for the insightful post!