Even with authorized_keys
is filled with allowed pubkeys, If noscraper
is enabled, It will allow anyone to use bouncer even it's pubkey is not in authorized_keys
.
Available on version 3.0.10
Disable noscraper
if you have authorized_keys
being set in config
This line of code is the cause.
{ "nvd_published_at": "2024-08-01T17:16:09Z", "cwe_ids": [ "CWE-285" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-08-02T01:20:13Z" }