Issue composer Advisories shows wrong content and packages

[cool_sh]

Server operating system version

AlmaLinux

Plesk version and microupdate number

Plesk Obsidian 18.0.75 Update 1 + Composer Advisories 1.0.4

The "Composer Advisories" extension shows packages and paths which are related to a different customer.
Affected is subdomain where a WordPress site is installed but no Composer at all.

Composer Advisories shows the information: Composer.json isn't installed and vunerable packages
and 4 paths beginning with /../path-to-a-different-user

I checked the permissions (chmod and chown), these are correct for those folders and belonging to that user.

On 3 other domains, each in different accounts as well it is correct.

 

[Sebahat.hadzhi]

Hi, @cool_sh . The notice about vulnerable packages typically also contains domain/subdomain is that also incorrect or only the paths?

 

[cool_sh]

The user who was notified owns this subdomain. That is correct but the paths mentioned invl. the packages was wrong.

 

[Sebahat.hadzhi]

Thank you for the confirmation. Could you please execute the following command and let us know what it returns:

grep -i "extension/composer" /var/log/plesk/panel.log

 

[cool_sh]

I would like to avoid making the data public. There are for some domains a message saying "Could not allow integration plugin for ...
But I don't think that has anything to do with it.

 

[Sebahat.hadzhi]

Thank you. Could you please confirm if there are any mentions of the subdomain in question?

 

[cool_sh]

No, the subdomain for which information about vulnerable packets is reported has no matches there. And the entries go back quite a while.

 

[Sebahat.hadzhi]

Thank you for the confirmation. Do the packages exist under the mentioned paths? If not, what I can suggest is to try re-installing the extension as the issue might be due to a corruption of its files. If that's not the case, it will be best to open a support ticket for further investigation on the server.