Take over subdomain undici.nodejs.org.cdn.cloudflare.net

Hello, this is a pretty serious security issue in some contexts, so please act as soon as possible Summary: I just went to undici.nodejs.org, and I've also checked the IP of the main domain it goes to cdn.cloudflare.net which means if it's not added it can be added to any github account your subdomain should be added to your account so shows the URL you selected. This vulnerability is called subdomain takeover •Remove CNAME records from DNS zone completely Poc http://undici.nodejs.org.cdn.cloudflare.net/ ## Impact Subdomain takeovers are abused for several purposes: Malware distribution •Phishing / Spear phishing •XSS •Bypass authentication •... The list goes on and on. Since some certificate authorities (Let's Encrypt) only require domain verification, SSL certificates can be generated easily. Regards Algisec1337