Project

General

Profile

Actions
Copy link

Feature #47765

open

mgr/dashboard: security improvements

Added by Ernesto Puerta over 3 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
General
Target version:
Ceph - v16.0.0
% Done:

85%

Source:
Tags:
security
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

High-level tracker for collecting security-related issues & improvements.

Subtasks 26 (3 open23 closed)

Bug #24453: mgr/dashboard: Manager should complain about wrong dashboard certificateResolvedVolker Theile

Actions
Feature #24655: mgr/dashboard: Enforce password change upon first loginClosedVolker Theile

Actions
Feature #24662: mgr/dashboard: SSL-enabled dashboard does not play nicely with a frontend HAproxyResolvedVolker Theile

Actions
Feature #24672: mgr/dashboard: Prevent user from accessing unallowed pagesClosed

Actions
Feature #25229: mgr/dashboard: Provide user enable/disable capabilityClosedPatrick Seidensal

Actions
Feature #25232: mgr/dashboard: Support minimum password complexity rules ClosedElzbieta Dziomdziora

Actions
Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accountsResolvedNizamudeen A

Actions
Feature #40248: mgr/dashboard: As a user, I want to change my passwordClosedVolker Theile

Actions
Feature #40329: mgr/dashboard: It should be possible to set an expiration date for the user passwordClosedTatjana Dehler

Actions
Feature #40814: mgr/dashboard: Allow to set individual password expiry datesClosedTatjana Dehler

Actions
Feature #40816: mgr/dashboard: Recalculate password expiry dateClosed

Actions
Feature #42340: mgr/dashboard: admin password expiryClosed

Actions
Feature #42342: mgr/dashboard: disabled users password expiryClosed

Actions
Feature #42343: mgr/dashboard: 'ac_user_create_cmd' requires timestamp as 'pwd_expiry_date'Closed

Actions
Bug #41320: mgr/dashboard: passwords and other sensitive information is written to logsResolvedKefu Chai

Actions
Bug #41990: mgr/dashboard: hide Python tracebacks in response errorsResolvedErnesto Puerta

Actions
Documentation #42165: mgr/dashboard: Document new password requirements in the installation documentationNew

Actions
Bug #43262: mgr/dashboard: security: upgrade serialize-javascriptNew

Actions
Bug #43607: mgr/dashboard: fix improper URL checkingResolvedErnesto Puerta

Actions
Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive informationResolvedAlfonso Martínez

Actions
Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacksResolvedAvan Thakkar

Actions
Feature #45372: mgr/dashboard: monitoring/grafana: any user can run any query on the Prometheus data sourceNew

Actions
Cleanup #47341: mgr/dashboard: securing CherryPyResolvedAvan Thakkar

Actions
Cleanup #49243: mgr/dashboard: set XFrame options and Content Security Policy headersResolvedAvan Thakkar

Actions
Bug #47356: mgr/dashboard: some nfs-ganesha endpoints are not in correct security scope ResolvedKiefer Chang

Actions
Bug #47857: mgr/dashboard: sensitive information stored in cleartextWon't Fix

Actions

Related issues 1 (0 open1 closed)

Blocked by Dashboard - Feature #40914: mgr/dashboard: REST API: securityResolvedNizamudeen A

Actions
Actions
Copy link
 #1

Updated by Ernesto Puerta over 3 years ago

Actions
Copy link
 #2

Updated by Ernesto Puerta over 3 years ago

  • Subject changed from mgr/dashboard: security to mgr/dashboard: security improvements
Actions
Copy link
 #3

Updated by Ernesto Puerta about 3 years ago

  • Category changed from 132 to General
Actions
Copy link

Also available in: Atom PDF