Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: 6.13.z, 6.14.z, 6.15.z, 6.16.0
Component/s: Installation
Labels:

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Fixed in Build:
foreman-installer-3.12.0-1
PM Score:
0
Satellite Team:

Endeavour, Platform
Git Pull Request:
https://github.com/theforeman/puppet-foreman/pull/1178
BZ Keywords:
- Unset
Intelligence Requested:
Market:

Target Version:

6.16.0

Test Link:
http://5a9be063-cdc4-43ce-91b9-7608fbebf8bb
Test Coverage:

Automated
Regression:
Yes

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Priority Data:
PX Impact Score:
PX Review Complete:

Description of problem:

ssia

How reproducible:

always

Is this issue a regression from an earlier version:

Not a regression from an earlier version of Satellite. There were some cve fixes in apache-2.4.60, which (probably) got backported into httpd-2.4.37-65 which seems to have landed in both RHEL8 and 9. These cve fixes forbid the behavior we were relying on, unless we explicitly allow it with a flag.

Steps to Reproduce:

1. Enable cockpit integration

2. Try to access web console of a host

Actual behavior:

403 forbidden, "AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F" in foreman-ssl_error_ssl.log

Expected behavior:

Web console of remote host gets displayed.{}

duplicates

SAT-27802 issue with web console when upgrading from 6.15.2 to 6.15.3

Closed

links to

KB 7086556

projects.theforeman.org/37761

Assignee:: Adam Ruzicka

Reporter:: Adam Ruzicka

QA Contact:: Peter Ondrejka

Votes:: 3 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2024/08/22 8:44 AM

Updated:: 2024/09/27 1:47 AM

Resolved:: 2024/09/23 5:23 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates