Bug #57868
openiSCSI: rbd-target-api reports python version and identified 'unsupported version' triggering vulnerability scanners
Regression: No
Severity: 3 - minor
Description
When running the cephadm-deployed iSCSI container images, the API endpoint exposes Python versions. This triggers vulnerability scanners (Nessus) to report it as a critical security vulnerability.
$ curl -I http://localhost:5000/
HTTP/1.0 404 NOT FOUND
Content-Type: text/html
Content-Length: 233
Server: Werkzeug/0.12.2 Python/3.6.8
Date: Fri, 14 Oct 2022 07:32:15 GMT
The remote host contains one or more unsupported versions of Python. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Suggested solutions:
- Stop rbd-target-api reporting versions (hacky patch attached)
- Upgrade the container image python version.
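The banner behaviour described in this report, reproduced as an added example that is not part of the original report and is not the attached patch or rbd-target-api code. It assumes the standard-library `http.server` as a stand-in for Werkzeug's development server, whose request handler subclasses the same `BaseHTTPRequestHandler`; the handler class names and the fixed `rbd-target-api` product string are hypothetical.

```python
import re
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

# Versioned product tokens such as "Werkzeug/0.12.2" or "Python/3.6.8".
TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")


def disclosed_versions(server_header):
    """Return {product: version} for each versioned token in a Server header."""
    return dict(TOKEN.findall(server_header or ""))


class DefaultHandler(BaseHTTPRequestHandler):
    """Stock behaviour: Server is '<server_version> <sys_version>'."""

    def do_HEAD(self):
        self.send_response(404)  # send_response() also emits Server and Date
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(DefaultHandler):
    # Assumption: a fixed, unversioned product name is acceptable to API clients.
    server_version = "rbd-target-api"
    sys_version = ""  # removes the "Python/x.y.z" token from the banner


def probe(handler_cls):
    """Serve one HEAD request on loopback and return the Server header."""
    httpd = HTTPServer(("127.0.0.1", 0), handler_cls)  # port 0 = ephemeral port
    worker = threading.Thread(target=httpd.handle_request, daemon=True)
    worker.start()
    conn = HTTPConnection("127.0.0.1", httpd.server_port, timeout=5)
    conn.request("HEAD", "/")
    header = (conn.getresponse().getheader("Server") or "").strip()
    conn.close()
    worker.join(timeout=5)
    httpd.server_close()
    return header


if __name__ == "__main__":
    print(disclosed_versions("Werkzeug/0.12.2 Python/3.6.8"))  # header from the report
    for cls in (DefaultHandler, HardenedHandler):
        print(cls.__name__, repr(probe(cls)))
```

Removing the banner only stops the scanner from fingerprinting the interpreter; the second suggested solution, upgrading the Python version in the container image, is what addresses the unsupported runtime itself.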