Bug #57868

open

iSCSI: rbd-target-api reports python version and identified 'unsupported version' triggering vulnerability scanners

Added by Dan Poltawski over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Category:
-
Target version:
-
% Done:
0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When running the cephadm-deployed iSCSI container images, the API endpoint exposes Python versions. This triggers vulnerability scanners (Nessus) to report it as a critical security vulnerability.

$ curl -I http://localhost:5000/
HTTP/1.0 404 NOT FOUND
Content-Type: text/html
Content-Length: 233
Server: Werkzeug/0.12.2 Python/3.6.8
Date: Fri, 14 Oct 2022 07:32:15 GMT

The remote host contains one or more unsupported versions of Python.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Suggested solutions:
  • Stop rbd-target-api reporting versions (hacky patch attached)
  • Upgrade the container image Python version.

Files

rbd-api.patch (679 Bytes), Dan Poltawski, 10/14/2022 07:44 AM
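Added example, not code from the tracker or from rbd-target-api: the `Server: Werkzeug/0.12.2 Python/3.6.8` header in the curl output is what `http.server.BaseHTTPRequestHandler` (which Werkzeug's development server builds on) emits as `server_version + ' ' + sys_version`. `LeakyHandler` reproduces that default, `QuietHandler` shows the minimal override that drops both the framework and the interpreter version, and `disclosed_versions()` performs the same extraction a scanner does. The class names and the `DemoApp` product token are constructed for the demo.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# RFC 7231 product tokens that carry a version, e.g. 'Werkzeug/0.12.2' -> ('Werkzeug', '0.12.2').
_VERSIONED = re.compile(r"([A-Za-z0-9._-]+)/([0-9][0-9A-Za-z.+-]*)")


def disclosed_versions(server_header):
    """(product, version) pairs a scanner such as Nessus would lift from a Server header."""
    return _VERSIONED.findall(server_header or "")


class LeakyHandler(BaseHTTPRequestHandler):
    """Default behaviour: BaseHTTPRequestHandler emits server_version + ' ' +
    sys_version, and sys_version is 'Python/<interpreter version>'."""
    server_version = "DemoApp/0.12.2"  # constructed stand-in for 'Werkzeug/0.12.2'

    def do_HEAD(self):
        self.send_response(404)  # adds the Server: and Date: headers
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging for the demo
        pass


class QuietHandler(LeakyHandler):
    """Hardened variant: version_string() no longer carries framework or Python versions."""

    def version_string(self):
        return "DemoApp"


def server_header_for(handler_cls):
    """Serve handler_cls on an ephemeral loopback port, HEAD /, return the Server header."""
    httpd = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", httpd.server_address[1], timeout=5)
        conn.request("HEAD", "/")
        header = conn.getresponse().getheader("Server")
        conn.close()
        return header
    finally:
        httpd.shutdown()
        httpd.server_close()
```

Calling `server_header_for(LeakyHandler)` returns a header of the form `DemoApp/0.12.2 Python/3.x.y`, while `server_header_for(QuietHandler)` returns just `DemoApp`, for which `disclosed_versions()` yields nothing.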
#1

Updated by Ilya Dryomov over 1 year ago

  • Target version deleted (v17.2.5)
#2

Updated by Ilya Dryomov over 1 year ago

  • Assignee set to Guillaume Abrioux

This likely goes for all ceph-container containers... Guillaume, could you please take a look?
