Project

General

Profile

Actions
Copy link

Bug #26957

closed

Foreman sends session instead request as X-Request-Id

Added by Lukas Zapletal almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Logging
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/6827
Fixed in Releases:
1.22.1, 1.23.0
Found in Releases:
Red Hat JIRA:

Description

We send the data to correlate logs but instead request we send session id. This is confusing, I am going to actually send both.

Edit: Also, second part of the problem is that we send session id, which could be vulnerable to session hijacking. We must only send logging_token which is a randomly generated token stored in the session. -- this is actually not true, session mdc field is not vulnerable.

Related issues 1 (0 open1 closed)

Related to Smart Proxy - Bug #26962: Send also session id to structured logsClosedLukas ZapletalActions
Actions
Copy link
 #1

Updated by Lukas Zapletal almost 5 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6827 added
Actions
Copy link
 #3

Updated by Lukas Zapletal almost 5 years ago

  • Related to Bug #26962: Send also session id to structured logs added
Actions
Copy link
 #4

Updated by Tomer Brisker almost 5 years ago

  • Fixed in Releases 1.22.1, 1.23.0 added
Actions
Copy link
 #5

Updated by Lukas Zapletal almost 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF