bug: Risk of leaking the scan result files

[confd0]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

The huntr.com link for reNgine is down, and email is not responsed. so I put it here.

I just install reNgine v2.0.3 and find a nginx config file: https://github.com/yogeshojha/rengine/blob/f362189c9b253fd38c7c17c08e5cfc87aee0bfaf/config/nginx/rengine.conf

look like I can read any scan results file from other rengine site if I know the file names, and the files names can be brute force:

Expected Behavior

non-login user should not have privilege to read scan result files

Steps To Reproduce

brute force https://rengine_example.com/media/<domain>_<int>/subdomains_sublister.txt , change <domain> and <int> to fuzz.

Environment

- reNgine: 2.0.3
- OS: Linux
- Python: 
- Docker Engine: 
- Docker Compose: 
- Browser:

Anything else?

No response

[github-actions]

👋 Hi @confd0,
Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki
For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

[0xtejas]

Maybe x-accel-redirect from Nginx helps?

[yogeshojha]

@confd0 Excellent one, thank you for reporting this.

@0xtejas Thanks for X-Accel-Redirect

@confd0 Feel free to test these changes and let me know if you need any help disclosing this or filing CVE. Thanks