Project

General

Profile

Feature #47765

mgr/dashboard: security improvements

Added by Ernesto Puerta over 3 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
General
Target version:
% Done:

85%

Source:
Tags:
security
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

High-level tracker for collecting security-related issues & improvements.


Subtasks

Bug #24453: mgr/dashboard: Manager should complain about wrong dashboard certificateResolvedVolker Theile

Feature #24655: mgr/dashboard: Enforce password change upon first loginClosedVolker Theile

Feature #24662: mgr/dashboard: SSL-enabled dashboard does not play nicely with a frontend HAproxyResolvedVolker Theile

Feature #24672: mgr/dashboard: Prevent user from accessing unallowed pagesClosed

Feature #25229: mgr/dashboard: Provide user enable/disable capabilityClosedPatrick Seidensal

Feature #25232: mgr/dashboard: Support minimum password complexity rules ClosedElzbieta Dziomdziora

Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accountsResolvedNizamudeen A

Feature #40248: mgr/dashboard: As a user, I want to change my passwordClosedVolker Theile

Feature #40329: mgr/dashboard: It should be possible to set an expiration date for the user passwordClosedTatjana Dehler

Feature #40814: mgr/dashboard: Allow to set individual password expiry datesClosedTatjana Dehler

Feature #40816: mgr/dashboard: Recalculate password expiry dateClosed

Feature #42340: mgr/dashboard: admin password expiryClosed

Feature #42342: mgr/dashboard: disabled users password expiryClosed

Feature #42343: mgr/dashboard: 'ac_user_create_cmd' requires timestamp as 'pwd_expiry_date'Closed

Bug #41320: mgr/dashboard: passwords and other sensitive information is written to logsResolvedKefu Chai

Bug #41990: mgr/dashboard: hide Python tracebacks in response errorsResolvedErnesto Puerta

Documentation #42165: mgr/dashboard: Document new password requirements in the installation documentationNew

Bug #43262: mgr/dashboard: security: upgrade serialize-javascriptNew

Bug #43607: mgr/dashboard: fix improper URL checkingResolvedErnesto Puerta

Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive informationResolvedAlfonso Martínez

Bug #44591: CVE-2020-27839: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacksResolvedAvan Thakkar

Feature #45372: mgr/dashboard: monitoring/grafana: any user can run any query on the Prometheus data sourceNew

Cleanup #47341: mgr/dashboard: securing CherryPyResolvedAvan Thakkar

Cleanup #49243: mgr/dashboard: set XFrame options and Content Security Policy headersResolvedAvan Thakkar

Bug #47356: mgr/dashboard: some nfs-ganesha endpoints are not in correct security scope ResolvedKiefer Chang

Bug #47857: mgr/dashboard: sensitive information stored in cleartextWon't Fix


Related issues

Blocked by Dashboard - Feature #40914: mgr/dashboard: REST API: security Resolved

History

#1 Updated by Ernesto Puerta over 3 years ago

#2 Updated by Ernesto Puerta over 3 years ago

  • Subject changed from mgr/dashboard: security to mgr/dashboard: security improvements

#3 Updated by Ernesto Puerta almost 3 years ago

  • Category changed from 132 to General

Also available in: Atom PDF