Uploaded image for project: 'ONAP JIRA Security Issues'
  1. ONAP JIRA Security Issues
  2. OJSI-110

so-monitor exposes plain text HTTP endpoint using port 30224

CloneClone+Clone++
    XMLWordPrintable

Details

    • Task
    • Status: Public disclosure
    • Highest
    • Resolution: Done
    • None
    • Frankfurt Release

    Description

      'so-monitoring' application exposes port 30224 with plaintext HTTP.
      There are two possible solutions:
      1. if the port/api is not used/needed -> close it
      2. if it is needed - move communication to HTTPS only

      FYI: may be fixed by introduction of Ingress Controller with OOM-1508

      Attachments

        Issue Links

          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. SO-2063 AAF integration

          • Highest - Catastrophic defect that causes total failure of the software or unrecoverable data loss with no available workaround. Complete shut-down of the process, nothing can proceed further. Blocks testing of the product / feature. Must be fixed in the next build.
          • In Progress
          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              kopasiak Krzysztof Opasiak
              kopasiak Krzysztof Opasiak
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: