Bug #33417
closed
The login page exposes version of the foreman
Added by Lukas Zapletal over 3 years ago.
Updated about 3 years ago.
Description
The login page displays the version of the Foreman. That simplifies the search for the unpatched - vulnerable systems in the organization by unauthenticated user.
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/8775 added
So does the `status` enpoint (don't send 'Accept: text/html' or you'll get a bad request):
# curl https://foreman.example.com/status/
{"result":"ok","status":"ok","version":"3.0.0","db_duration_ms":"2"}
- Fixed in Releases 3.2.0 added
- Status changed from Ready For Testing to Closed
Also available in: Atom
PDF