karaf-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4993) Unsecured access to gogo console over web
Date Tue, 14 Mar 2017 15:00:47 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924364#comment-15924364 ]

ASF subversion and git services commented on KARAF-4993:
--------------------------------------------------------

Commit 1fc60d7792e1aa35970b8d967f88ca3381053172 in karaf's branch refs/heads/karaf-3.0.x from
[~chris@die-schneider.net]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=1fc60d7 ]

[KARAF-4993] Remove alias property to fix security issue


> Unsecured access to gogo console over web
> -----------------------------------------
>
>                 Key: KARAF-4993
>                 URL: https://issues.apache.org/jira/browse/KARAF-4993
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-webconsole
>    Affects Versions: 4.1.0, 3.0.8, 4.0.8
>            Reporter: Christian Schneider
>            Priority: Blocker
>             Fix For: 3.0.9, 4.0.9, 4.1.1
>
>
> Start plain karaf 4.1.0
> feature:install webconsole http-whiteboard
> Access http://localhost:8181/gogo/
> Unsecured access to the gogo console
> If I use http://localhost:8181/gogo
> NPE http://apaste.info/wQTBD
> So it seems like the http whiteboard extender picks up the gogo webconsole plugin.
> Thanks to Kevin Schmidt for finding this issue.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
