1927719 – [GSS][ceph-dashboard] cherrypy reveals it's versions in header and error pages

Bug 1927719 - [GSS][ceph-dashboard] cherrypy reveals it's versions in header and error pages

Summary: [GSS][ceph-dashboard] cherrypy reveals it's versions in header and error pages

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Ceph-Dashboard
Sub Component:
Version:	4.2
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	4.2z1
Assignee:	avan
QA Contact:	Sunil Angadi
Docs Contact:	Anjana Suparna Sriram
URL:
Whiteboard:
Depends On:
Blocks:	1890121
TreeView+	depends on / blocked

Reported:	2021-02-11 11:57 UTC by Janmejay Singh
Modified:	2024-10-01 17:28 UTC (History)
CC List:	10 users (show)
Fixed In Version:	ceph-14.2.11-125.el8cp, ceph-14.2.11-125.el7cp
Doc Type:	Bug Fix
Doc Text:	.Cherrypy no longer reveals its versions in header and error pages Previously, cherrypy revealed its version in header and error pages. Exposing this information caused a potential security vulnerability. With this release, the headers for both dashboard and Prometheus servers now show Ceph-Dashboard and Ceph-Prometheus instead of the cherrypy version. This change eliminates the security vulnerability.
Clone Of:
Environment:
Last Closed:	2021-04-28 20:13:19 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	44935	None	None	None	2021-02-11 12:55:14 UTC
Ceph Project Bug Tracker	49243	None	None	None	2021-02-17 19:28:03 UTC
Ceph Project Bug Tracker	49248	None	None	None	2021-02-11 14:54:07 UTC
Github	ceph ceph pull 34656	None	closed	mgr/dashboard: customize CherryPy Server Header	2021-02-16 03:26:45 UTC
Github	ceph ceph pull 39419	None	closed	nautilus: mgr/dashboard: customize CherryPy Server Header	2021-02-16 03:26:45 UTC
Red Hat Product Errata	RHSA-2021:1452	None	None	None	2021-04-28 20:13:42 UTC

Comment 35 errata-xmlrpc 2021-04-28 20:13:19 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage security, bug fix, and enhancement Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1452

Note You need to log in before you can comment on or make changes to this bug.