Bug 2000613 - The login page exposes version of the satellite
Status: CLOSED ERRATA
Product: Red Hat Satellite
Classification: Red Hat
Component: Security
Version: 6.10.0
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: low
Target Milestone: 6.12.0
Assignee: Anna Vitova
QA Contact: Shweta Singh
Duplicates: 2105949
Reported: 2021-09-02 13:55 UTC by Jaroslav Henner
Modified: 2022-11-16 13:33 UTC

Fixed In Version: rubygem-foreman_theme_satellite-10.0.0.3-1,foreman-3.2.0
Last Closed: 2022-11-16 13:32:46 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 33417 | 0 | Normal | Ready For Testing | The login page exposes version of the foreman | 2021-09-28 14:05:22 UTC
Red Hat Issue Tracker | SAT-10102 | 0 | None | None | None | 2022-05-03 13:23:18 UTC
Red Hat Issue Tracker | SAT-5709 | 0 | None | None | None | 2022-08-18 09:18:19 UTC
Red Hat Product Errata | RHSA-2022:8506 | 0 | None | None | None | 2022-11-16 13:33:34 UTC

Description Jaroslav Henner 2021-09-02 13:55:26 UTC
Description of problem:
The login page displays the version of the Satellite. That simplifies the search for unpatched, vulnerable systems in the organization by an unauthenticated user.

Version-Release number of selected component (if applicable):
6.10

How reproducible:
Take a look at the login page of the running Satellite.

Steps to Reproduce:
1. Deploy Satellite
2. Go to the login page

Actual results:
Version number on the login page.

Expected results:
Version number on the About page that is available through the top-right corner menu.

Additional info:

Comment 1 Lukas Zapletal 2021-09-03 10:18:02 UTC
We can probably add a setting to hide the version.

Comment 2 Brad Buckingham 2021-09-17 19:38:04 UTC
Ref: Bug 1929827 was created in the past requesting the same thing.  It is a duplicate; however, it was closed.

Comment 3 Jaroslav Henner 2021-11-22 10:00:46 UTC
Please let me note that the default should be to hide it, because of the so-called "power of defaults".

Comment 4 Lukas Zapletal 2021-11-23 09:34:22 UTC
After a very long discussion, we are going for a patch that will allow users to modify the text on the page. The default version will be something like "This is Satellite $VERSION" as our QA department needs to have the version visible on the login page for some tests. Users will be able to modify this as needed and it will survive upgrades (meaning they will only need to set this once).

Comment 5 Bryan Kearney 2021-12-18 20:05:34 UTC
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/33417 has been resolved.

Comment 9 Shweta Singh 2022-08-18 09:10:38 UTC
FailedQA

Tested Version: Satellite 6.12 Snap 4

Incorrect version displayed on the login page: it shows the Foreman version, but it is expected to display the Satellite version to remain backward compatible with previous Satellite versions.

Actual Result: 3.3.0

Expected Result: Satellite 6.12

Comment 10 Shweta Singh 2022-09-06 06:48:29 UTC
FailedQA

Tested Version: Satellite 6.12 Snap 9

The fix is not available in the current snap. It is expected to display the Satellite version to remain backward compatible with previous Satellite versions.

Actual Result: 3.3.0.6

Expected Result: Satellite 6.12

Comment 14 Shweta Singh 2022-09-19 08:52:46 UTC
Verified.

Version Tested: Satellite 6.12 Snap 11.0
Foreman version: foreman-3.3.0.8-1.el8sat

Verification Steps:
1. Verify that the latest Satellite version is displayed on the login page of the Satellite UI by default.

Result:
"Version 6.12.0" displayed on login page.

Comment 15 Ron Lavi 2022-09-19 10:55:43 UTC
*** Bug 2105949 has been marked as a duplicate of this bug. ***

Comment 19 errata-xmlrpc 2022-11-16 13:32:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8506

