Bug #33417

The login page exposes version of the foreman

Added by Lukas Zapletal about 1 year ago. Updated 12 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version: -
Difficulty:
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

The login page displays the version of Foreman. That simplifies the search for unpatched, vulnerable systems in the organization by an unauthenticated user.

Associated revisions

Revision 35076bff (diff)
Added by Anna Vitova 12 months ago

Fixes #33417 - Hide version from the Login page

Refs #33417 - revert snapshot changes

those snapshots are not relevant to this PR

History

#1 Updated by The Foreman Bot about 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/8775 added

#2 Updated by Evgeni Golov about 1 year ago

So does the `status` endpoint (don't send 'Accept: text/html' or you'll get a bad request):

```
# curl https://foreman.example.com/status/
{"result":"ok","status":"ok","version":"3.0.0","db_duration_ms":"2"}
```

#3 Updated by The Foreman Bot 12 months ago

  • Fixed in Releases 3.2.0 added

#4 Updated by Anonymous 12 months ago

  • Status changed from Ready For Testing to Closed
