Project

General

Profile

Actions

Bug #33417

closed

The login page exposes version of the foreman

Added by Lukas Zapletal over 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

The login page displays the version of the Foreman. That simplifies the search for the unpatched - vulnerable systems in the organization by unauthenticated user.

Actions #1

Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/8775 added
Actions #2

Updated by Evgeni Golov over 2 years ago

So does the `status` enpoint (don't send 'Accept: text/html' or you'll get a bad request):

# curl https://foreman.example.com/status/
{"result":"ok","status":"ok","version":"3.0.0","db_duration_ms":"2"}
Actions #3

Updated by The Foreman Bot about 2 years ago

  • Fixed in Releases 3.2.0 added
Actions #4

Updated by Anonymous about 2 years ago

  • Status changed from Ready For Testing to Closed
Actions

Also available in: Atom PDF