  1. Observability and Data Analysis Program
  2. OBSDA-232

Cross Origin Resource Sharing protection for the OpenShift Web Console


    • Feature
    • Resolution: Unresolved
    • Normal
    • PM Monitoring

      1. Proposed title of this feature request
      Ensure Cross Origin Resource Sharing protection headers are present for the OpenShift Web Console.

      2. What is the nature and description of the request?
      Currently, there is minimal protection for CORS in the OpenShift Web Console.

      CORS allows resources to be requested from another domain outside the domain from which the resource originated.

      The absence of this has been known to be used with social engineering/phishing to utilize an existing session token on a different website and cause users to issue malicious requests to the application without the users' knowledge.

      Impact
      Exploitation of this vulnerability allows attackers to issue requests to the application on behalf of users and perform various tasks within the application.

      3. Why does the customer need this? (List the business requirements here)
      To increase the security of their platform

      4. List any affected packages or components.
      OpenShift Web Console.

            rh-ee-rfloren Roger Florén
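CORS response headers decide which other origins a browser will let read the console's responses, so a request like this one is usually verified by checking the headers returned for trusted and untrusted `Origin` values. The following is an added example, not code from the ticket or from the OpenShift console; the origins, the allow-list and the sample header sets are constructed assumptions.

```python
# Added example, not OpenShift console code. Origins and header sets are constructed.
TRUSTED_ORIGINS = {"https://console.example.com"}  # assumed allow-list


def audit_cors(request_origin, response_headers, trusted=TRUSTED_ORIGINS):
    """Return findings for the CORS headers sent in reply to one Origin."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    findings = []
    if acao is None:
        return findings  # no grant: browsers block cross-origin reads
    if acao == "*":
        findings.append("wildcard-origin")
        if creds:
            findings.append("wildcard-with-credentials")  # invalid pair, browsers refuse it
        return findings
    if acao == "null":
        findings.append("null-origin-allowed")
    elif acao not in trusted:
        findings.append("untrusted-origin-allowed")
        if acao == request_origin:
            findings.append("origin-reflected")
        if creds:
            findings.append("credentialed-read-by-untrusted-origin")
    if "origin" not in vary:
        findings.append("missing-vary-origin")  # caches may reuse one origin's grant
    return findings


# Constructed request/response pairs: (Origin sent, headers received).
SAMPLES = [
    ("https://console.example.com",
     {"Access-Control-Allow-Origin": "https://console.example.com",
      "Access-Control-Allow-Credentials": "true", "Vary": "Origin"}),
    ("https://other-site.example",
     {"Access-Control-Allow-Origin": "https://other-site.example",
      "Access-Control-Allow-Credentials": "true"}),
    ("https://other-site.example", {}),
]

if __name__ == "__main__":
    for origin, headers in SAMPLES:
        print(origin, "->", audit_cors(origin, headers) or "ok")
```

An empty result for the trusted origin and for the response with no CORS headers is the expected outcome; any finding on a response to an untrusted origin is what the request asks to rule out.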