Project

General

Profile

Feature #47765

mgr/dashboard: security improvements

Added by Ernesto Puerta about 2 months ago. Updated 5 days ago.

Status:
New
Priority:
High
Assignee:
-
Category:
dashboard/general
Target version:
% Done:

65%

Source:
Tags:
security
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

High-level tracker for collecting security-related issues & improvements.


Subtasks

Bug #24453: mgr/dashboard: Manager should complain about wrong dashboard certificateResolvedVolker Theile

Feature #24655: mgr/dashboard: Enforce password change upon first loginClosedVolker Theile

Feature #24662: mgr/dashboard: SSL-enabled dashboard does not play nicely with a frontend HAproxyResolvedVolker Theile

Feature #24672: mgr/dashboard: Prevent user from accessing unallowed pagesClosed

Feature #25229: mgr/dashboard: Provide user enable/disable capabilityClosedPatrick Seidensal

Feature #25232: mgr/dashboard: Support minimum password complexity rules ClosedElzbieta Dziomdziora

Feature #39999: mgr/dashboard: Prevent brute-force/dictionary attacks against existing local user accountsNew

Feature #40248: mgr/dashboard: As a user, I want to change my passwordClosedVolker Theile

Feature #40329: mgr/dashboard: It should be possible to set an expiration date for the user passwordClosedTatjana Dehler

Feature #40814: mgr/dashboard: Allow to set individual password expiry datesClosedTatjana Dehler

Feature #40816: mgr/dashboard: Recalculate password expiry dateClosed

Feature #42340: mgr/dashboard: admin password expiryClosed

Feature #42342: mgr/dashboard: disabled users password expiryClosed

Feature #42343: mgr/dashboard: 'ac_user_create_cmd' requires timestamp as 'pwd_expiry_date'Closed

Bug #41320: mgr/dashboard: passwords and other sensitive information is written to logsResolvedKefu Chai

Bug #41990: mgr/dashboard: hide Python tracebacks in response errorsResolvedErnesto Puerta

Documentation #42165: mgr/dashboard: Document new password requirements in the installation documentationNew

Bug #43262: mgr/dashboard: security: upgrade serialize-javascriptNew

Bug #43607: mgr/dashboard: fix improper URL checkingResolvedErnesto Puerta

Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive informationResolvedAlfonso Martínez

Fix #44591: mgr/dashboard: The ceph dashboard is vulnerable to XSS attacksNew

Feature #45372: mgr/dashboard: monitoring/grafana: any user can run any query on the Prometheus data sourceNew

Cleanup #47341: mgr/dashboard: securing CherryPyNew

Bug #47356: mgr/dashboard: some nfs-ganesha endpoints are not in correct security scope ResolvedKiefer Chang

Bug #47857: mgr/dashboard: sensitive information stored in cleartextNew


Related issues

Blocked by mgr - Feature #40914: mgr/dashboard: REST API: security Fix Under Review

History

#1 Updated by Ernesto Puerta about 2 months ago

#2 Updated by Ernesto Puerta about 1 month ago

  • Subject changed from mgr/dashboard: security to mgr/dashboard: security improvements

Also available in: Atom PDF