Bug 1489389 - [RFE] Regex matching allows for potential CORS security vulnerability in web console
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Michal Fojtik
QA Contact: Xiaoli Tian
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2017-09-07 10:43 UTC by David Caldwell
Modified: 2021-03-11 15:44 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-12 11:56:59 UTC
Target Upstream Version:



Description David Caldwell 2017-09-07 10:43:05 UTC
1. Proposed title of this feature request
Improve regex matching in web console to tighten potential CORS misuse

3. Please see private comment regarding vulnerability details.

5. How would the customer like to achieve this? (List the functional requirements here)
Tightening CORS vulnerability
 
6. For each functional requirement listed in question 5, specify how Red Hat
and the customer can test to confirm the requirement is successfully implemented.
By reproducing the testing described above

7. Is there already an existing RFE upstream or in Red Hat bugzilla?
No
 
10. List any affected packages or components.
Web console

Comment 12 Kirsten Newcomer 2019-06-12 11:56:59 UTC
With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers.  Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed. 

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progresses within our planning processes. Please open a new support case: https://access.redhat.com/support/cases/#/case/new

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new 

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.

