azcomputerguru/guru-connect
18 Open 0 Closed
[H8] cak_ store ACL set via bare icacls (PATH search) from SYSTEM -> LPE; silent weaker store on failure component:agent security severity:high
#22 opened 2026-06-05 17:35:59 -07:00 by azcomputerguru
[H7] Attended-consent MessageBoxW awaited inside agent main loop -> up to ~60s of no heartbeats/stop processing component:agent security severity:high
#21 opened 2026-06-05 17:35:54 -07:00 by azcomputerguru
[H6] Dashboard JWT in sessionStorage, blindly attached as Bearer, no exp/refresh/idle-timeout component:dashboard security severity:high
#20 opened 2026-06-05 17:35:49 -07:00 by azcomputerguru
[H5] Server does not block self-role-demotion (only self-delete); lockout guard is client-only component:dashboard component:server security severity:high
#19 opened 2026-06-05 17:35:45 -07:00 by azcomputerguru
[H4] token_blacklist cleanup_expired re-verifies every JWT signature; stores whole tokens in RAM component:server security severity:high
#18 opened 2026-06-05 17:35:38 -07:00 by azcomputerguru
[H3] revoke_user_tokens is a 501 stub whose comment claims partial behavior component:server security severity:high
#17 opened 2026-06-05 17:35:33 -07:00 by azcomputerguru
[H2] Bootstrap admin plaintext password written to .admin-credentials + info! log fallback component:server security severity:high
#16 opened 2026-06-05 17:35:28 -07:00 by azcomputerguru
[H1] No rate-limit/lockout on the login path component:server security severity:high
#15 opened 2026-06-05 17:35:23 -07:00 by azcomputerguru
[C5] Auto-update verified only by SHA-256 over same channel, no signature -> fleet-wide SYSTEM RCE on MITM component:agent security severity:critical
#14 opened 2026-06-05 17:35:20 -07:00 by azcomputerguru
[C4] Agent block_in_place/Handle::block_on in main async session loop -> thread-starvation/deadlock component:agent security severity:critical
#13 opened 2026-06-05 17:35:11 -07:00 by azcomputerguru
[C3] downloads.rs body().unwrap() on attacker-controlled Content-Disposition filename -> unauthenticated panic/DoS component:server security severity:critical
#12 opened 2026-06-05 17:35:05 -07:00 by azcomputerguru
[C2] Unauthenticated downloads.rs: hardcoded prod relay URL + default API-key fallback + false support-embedding docstring component:server security severity:critical
#11 opened 2026-06-05 17:35:00 -07:00 by azcomputerguru
[C1] Secrets/tokens in WebSocket URL query strings component:agent component:dashboard security severity:critical
#10 opened 2026-06-05 17:34:55 -07:00 by azcomputerguru
SPEC-018 review: deferred hardening follow-ups (hot-path unwraps, panic-guard scope, nits)
#8 opened 2026-06-03 15:13:55 -07:00 by azcomputerguru
Bump version to 0.2.0 after security changes stabilize
#4 opened 2025-12-30 08:33:55 -07:00 by azcomputerguru 0 / 6
Document and implement AGENT_API_KEY for persistent agents
#3 opened 2025-12-30 08:32:35 -07:00 by azcomputerguru
Duplicate machines in database need cleanup
#2 opened 2025-12-30 08:31:35 -07:00 by azcomputerguru
Native viewer protocol URL parsing needs testing
#1 opened 2025-12-30 08:31:06 -07:00 by azcomputerguru