Details
- Bug
- Resolution: Unresolved
- Major
- 4.12.z
- None
- Important
- No
- False
Description
A customer pentest shows that the Server header is returned by the admin console when browsing
https://console-openshift-console$domain/locales/resource.json?lng=en&ns=plugin__odf-console
This could give a potential attacker information about applicable CVEs.
Response header:
Server: nginx/1.20.1
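
A regression check for this finding, as an added example that is not part of the original report or the project's code: it parses a raw HTTP response and flags a Server header, distinguishing a version-bearing value such as the reported nginx/1.20.1 from a bare product name. The sample responses are constructed, and also checking X-Powered-By is an added generalization.

```python
import re
from email.parser import Parser

# Headers that reveal server software. "server" is the header reported above;
# "x-powered-by" is an added generalization, not something the report mentions.
DISCLOSING = ("server", "x-powered-by")

# A product/version token such as "nginx/1.20.1".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")

# Constructed sample responses (not captured from a real cluster).
REPORTED = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            "Server: nginx/1.20.1\r\n\r\n{}")
NAME_ONLY = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
             "server: nginx\r\n\r\n{}")
CLEAN = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"


def parse_headers(raw_response):
    """Split a raw HTTP/1.x response into (status_line, headers)."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    return status_line, Parser().parsestr(header_block, headersonly=True)


def audit(raw_response):
    """Return (header, value, finding) tuples for software-disclosing headers."""
    _, headers = parse_headers(raw_response)
    findings = []
    for name in DISCLOSING:
        # Header lookup is case-insensitive; a header may appear more than once.
        for value in headers.get_all(name, []):
            value = value.strip()
            if VERSION_RE.search(value):
                finding = "version-disclosed"
            else:
                finding = "product-disclosed"
            findings.append((name, value, finding))
    return findings


if __name__ == "__main__":
    for label, raw in (("reported", REPORTED), ("name only", NAME_ONLY),
                       ("clean", CLEAN)):
        print(label, audit(raw) or "no disclosing headers")
```
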
Issue Links
- blocks
  - OCPBUGS-24678 ODF Dynamic plugin should not expose Server header (Closed)
- is cloned by
  - OCPBUGS-24640 [release-4.14] ODF Dynamic plugin should not expose Server header (Closed)
  - OCPBUGS-24678 ODF Dynamic plugin should not expose Server header (Closed)
- links to
  - RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update