Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-2273

Cross Origin Resource Sharing protection for the OpenShift Web Console

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Normal
    • None
    • None
    • User Interface
    • None
    • False
    • False
    • 0
    • 0% 0%

    Description

      1. Proposed title of this feature request
      Ensure Cross Origin Resource Sharing protection headers are present for the OpenShfit Web Console.

      2. What is the nature and description of the request?
      Currently, there is minimal protection for CORS in the OpenShift Web Console

      CORS allows resources to be requested from another domain outside the domain from which the resource originated.

      The absence of this has been known to be used with social-engineering/phishing to utilize existing session token on different website and cause users to issue malicious requests to the application without the users knowledge.

      Impact
      Exploitation of this vulnerability allows attackers to issue requests to the application on behalf of users and perform various tasks within the application.

      3. Why does the customer need this? (List the business requirements here)
      To increase the security of their platform

      4. List any affected packages or components.
      OpenShift Web Console.

      Attachments

        1. New Image.png
          New Image.png
          126 kB
        2. Old Image.png
          Old Image.png
          140 kB

        Issue Links

          is cloned by

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OBSDA-232 Cross Origin Resource Sharing protection for the OpenShift Web Console

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • In Progress

          Activity

            People

              rh-ee-rfloren Roger Florén
              rhn-support-mwasher Michael Washer
              Votes:
              2 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: