Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-24186

ODF Dynamic plugin should not expose Server header

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • 4.16.0
    • 4.12.z
    • Management Console
    • None
    • Important
    • No
    • False
    • Hide

      None

      Show
      None

    Description

      Customer pentest shows that the Server header is returned by admin console when browsing

      https://console-openshift-console$domain/locales/resource.json?lng=en&ns=plugin__odf-console

      This could lead to information about CVE for a potential attacker.

      Response header:

      Server: nginx/1.20.1

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-24678 ODF Dynamic plugin should not expose Server header

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-24640 [release-4.14] ODF Dynamic plugin should not expose Server header

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-24678 ODF Dynamic plugin should not expose Server header

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/console#13404: OCPBUGS-24186: Strip 'Server' header from proxy response

          Web Link RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

          Activity

            People

              jhadvig@redhat.com Jakub Hadvig
              rh-ee-mmayeras Mickael Mayeras
              Yanping Zhang Yanping Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: