First Last Prev Next    This bug is not in your last search results.
Bug 56967 - UDM REST should not send tracebacks in error messages by default
UDM REST should not send tracebacks in error messages by default
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM - REST API
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2024-01-09 10:30 CET by Daniel Tröder
Modified: 2024-01-09 10:33 CET (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Error handling, Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2024-01-09 10:30:32 CET 
+++ This bug was initially created as a clone of Bug #56035 +++


Revealing details about internal errors via the network is generally bad practice.
See OWASP: https://owasp.org/www-community/Improper_Error_Handling

IMHO, higher network security trumps reduced support handling time (asking for a log file).

So the UCR variable directory/manager/rest/show-tracebacks should be set to 'false' by default.
First Last Prev Next    This bug is not in your last search results.