Bug #57868

iSCSI: rbd-target-api reports python version and identified 'unsupported version' triggering vulnerability scanners

Added by Dan Poltawski 4 months ago. Updated 3 months ago.

Status: New
Priority: Normal
Category: -
Target version: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When running the cephadm deployed iSCSI container images, the API endpoint exposes python versions. This triggers vulnerability scanners (Nessus) to report it as a critical security vulnerability.

$ curl -I http://localhost:5000/
HTTP/1.0 404 NOT FOUND
Content-Type: text/html
Content-Length: 233
Server: Werkzeug/0.12.2 Python/3.6.8
Date: Fri, 14 Oct 2022 07:32:15 GMT

The remote host contains one or more unsupported versions of Python.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Suggested solutions:
  • Stop rbd-target-api reporting versions (hacky patch attached)
  • Upgrade the container image python version.

rbd-api.patch (679 Bytes) Dan Poltawski, 10/14/2022 07:44 AM
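Added example illustrating the first suggested fix; this is not the attached rbd-api.patch (its contents are not shown here) and not ceph-iscsi code. It assumes rbd-target-api is served as a plain WSGI application behind Werkzeug's development server, which only appends its own "Werkzeug/x Python/y" Server header when the application has not already set one, so a wrapper that sets a constant Server header is enough to stop the leak. The `server_header_versions` helper shows the disclosure the scanner keys on; `_demo_app` is a constructed stand-in for the real API.

```python
import re

# Server header tokens look like "product/version"; the version part is what
# scanners compare against end-of-life tables.
_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/([\w.+-]+)")


def server_header_versions(value):
    """Return {product: version} for every versioned token in a Server header."""
    return {m.group(1): m.group(2) for m in _TOKEN.finditer(value)}


def discloses_runtime(value):
    """True when the header reveals the interpreter or WSGI framework version."""
    return any(p.lower() in ("python", "werkzeug") for p in server_header_versions(value))


class HideServerHeader:
    """WSGI middleware (assumed wrapper, not ceph-iscsi's): force a fixed Server header."""

    def __init__(self, app, product="rbd-target-api"):
        self.app = app
        self.product = product

    def __call__(self, environ, start_response):
        def _start_response(status, headers, exc_info=None):
            # Drop any Server header the app set, then add the version-free one.
            headers = [(k, v) for k, v in headers if k.lower() != "server"]
            headers.append(("Server", self.product))
            return start_response(status, headers, exc_info)
        return self.app(environ, _start_response)


def _demo_app(environ, start_response):
    """Constructed stand-in for the real API: answers 404 like the curl output above."""
    start_response("404 NOT FOUND", [("Content-Type", "text/html")])
    return [b"not found"]


def run_demo():
    """Send one request through the wrapped app; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    app = HideServerHeader(_demo_app)
    body = b"".join(app({"REQUEST_METHOD": "HEAD", "PATH_INFO": "/"}, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    print(server_header_versions("Werkzeug/0.12.2 Python/3.6.8"))
    print(run_demo())
```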

History

#1 Updated by Ilya Dryomov 3 months ago

  • Target version deleted (v17.2.5)

#2 Updated by Ilya Dryomov 3 months ago

  • Assignee set to Guillaume Abrioux

This likely goes for all ceph-container containers... Guillaume, could you please take a look?
