📰 2026-03-14 07:00 更新
🔸 I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites / 我发现39个Algolia管理密钥在开源文档网站上暴露
🔗 I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites
🔥 8 points
原文:
Last October I reported an exposed Algolia admin API key on vuejs.org. The key had full permissions: addObject, deleteObject, deleteIndex, editSettings, the works. Vue acknowledged it, added me to their Security Hall of Fame, and rotated the key. That should have been the end of it. But it got me thinking: if Vue.js had this problem, how many other DocSearch sites do too? Turns out, a lot. How Algolia DocSearch works Algolia’s DocSearch is a free search service for open source docs. They craw…
译文:
去年10月,我在vuejs.org上报告了一个暴露的Algolia管理API密钥。密钥具有完整权限: addObject、deleteObject、deleteIndex、editSettings、works。Vue承认了这一点,把我加入了他们的安全名人堂,并旋转了钥匙。这应该已经结束了。但它让我想到:如果Vue.js有这个问题,还有多少其他DocSearch网站也有这个问题?原来,很多。Algolia DocSearch的工作原理Algolia的DocSearch是免费的 搜索开源文档的服务。他们抓取…
自动更新 · 正文抓取 · 双语翻译