Bug #44753: mgr/dashboard: Secure the Alertmanger receiver endpoint - Dashboard - Ceph

Actions

Copy link

Bug #44753

open

mgr/dashboard: Secure the Alertmanger receiver endpoint

Added by Stephan Müller about 4 years ago. Updated about 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

General - Back-end

Target version:

% Done:

Source:

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

Currently it is possible send push notification unauthenticated to the dashboard and the push notifications are not verified if they actually are coming from an Alertmanager instance.

To see whats configurable see https://prometheus.io/docs/alerting/configuration/#http_config

Removing the endpoint is not a solution to be considered as ceph orchestrator is configuring every Alertmanager instance to talk to the receiver of the dashboard.

The receiver is at the moment the only part that can handle multiple Altermanger instances.

Actions

Copy link

Updated by Ernesto Puerta about 3 years ago

Project changed from mgr to Dashboard
Category changed from 146 to General - Back-end

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » mgr » Dashboard

Custom queries

Bug #44753

mgr/dashboard: Secure the Alertmanger receiver endpoint

Updated by Ernesto Puerta about 3 years ago