Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.16.0
Affects Version/s: 4.12.z
Component/s: Management Console
Labels:
None

Severity:
Important
Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Type:
Release Note Not Required
Release Note Status:
In Progress
Target Version:

4.16.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Customer pentest shows that the Server header is returned by admin console when browsing

https://console-openshift-console$domain/locales/resource.json?lng=en&ns=plugin__odf-console

This could lead to information about CVE for a potential attacker.

Response header:

Server: nginx/1.20.1

blocks

OCPBUGS-24678 ODF Dynamic plugin should not expose Server header

Closed

is cloned by

OCPBUGS-24640 [release-4.14] ODF Dynamic plugin should not expose Server header

Closed

OCPBUGS-24678 ODF Dynamic plugin should not expose Server header

Closed

links to

openshift/console#13404: OCPBUGS-24186: Strip 'Server' header from proxy response

RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update

Assignee:: Jakub Hadvig

Reporter:: Mickael Mayeras

QA Contact:: Yanping Zhang

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/11/29 8:03 AM

Updated:: 2024/06/27 11:25 AM

Resolved:: 2024/06/27 11:25 AM