Bug #33417

closed

The login page exposes version of the foreman

Added by Lukas Zapletal over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version: -
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

The login page displays the version of the Foreman. That simplifies the search for unpatched, vulnerable systems in the organization by an unauthenticated user.

Actions #1

Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/8775 added
Actions #2

Updated by Evgeni Golov over 2 years ago

So does the `status` endpoint (don't send 'Accept: text/html' or you'll get a bad request):

```
# curl https://foreman.example.com/status/
{"result":"ok","status":"ok","version":"3.0.0","db_duration_ms":"2"}
```
Actions #3

Updated by The Foreman Bot over 2 years ago

  • Fixed in Releases 3.2.0 added
Actions #4

Updated by Anonymous over 2 years ago

  • Status changed from Ready For Testing to Closed