Bug 43055 - unsecure remote resource loading in css
Status: CLOSED WONTFIX
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
Version: UCS 4.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.0-x-errata
Assigned To: UMC maintainers
Depends on: 43054
Blocks:
Reported: 2016-11-25 13:35 CET by Nico Stöckigt
Modified: 2019-04-04 12:55 CEST

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016112521000141
Bug group (optional): Security
Max CVSS v3 score:


Description Nico Stöckigt univentionstaff 2016-11-25 13:35:30 CET
I think this should be "backported" to earlier versions...

+++ This bug was initially created as a clone of Bug #43054 +++

In file /usr/share/univention-management-console-frontend/js/dijit/themes/umc/umc.css, line 10692, there is a CSS background attribute which loads an image from demo.univention.de which is used for statistics. Unfortunately this image is loaded via http instead of https, so it will break the secure context of the website.

Attached there is a patch file to correct that behavior in a productive environment.
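
A check for the kind of reference described in this report, as an added example that is not part of the original bug report or of the UCS code base: it scans a stylesheet for `url(...)` and `@import` targets fetched over plain `http://` and reports their line numbers. The sample stylesheet, its selectors and the `.example` hosts are constructed for illustration.

```python
import re
import sys

# url(...) with optional quotes, or the string form of @import.
_REF_RE = re.compile(
    r"""url\(\s*(?P<q1>['"]?)(?P<u1>[^'")]*?)(?P=q1)\s*\)"""
    r"""|@import\s+(?P<q2>['"])(?P<u2>[^'"]*)(?P=q2)""",
    re.IGNORECASE,
)
_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)

# Constructed sample input, not taken from umc.css.
SAMPLE_CSS = """\
.header { background: url(http://stats.example/pixel.png) no-repeat; }
/* url(http://commented.example/old.png) */
.logo { background-image: url("https://cdn.example/logo.png"); }
@import "http://fonts.example/base.css";
.icon { background: url( 'HTTP://img.example/i.gif' ); }
.local { background: url(images/bg.png); }
"""


def _blank_comments(css):
    """Overwrite comment text with spaces, keeping newlines so line numbers hold."""
    return _COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), css)


def find_insecure_refs(css):
    """Return [(line_number, url)] for each resource referenced via http://."""
    text = _blank_comments(css)
    findings = []
    for m in _REF_RE.finditer(text):
        url = (m.group("u1") or m.group("u2") or "").strip()
        # Relative, protocol-relative (//host) and https:// targets are not flagged.
        if url.lower().startswith("http://"):
            findings.append((text.count("\n", 0, m.start()) + 1, url))
    return findings


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the given files.
    sources = sys.argv[1:]
    if not sources:
        for line, url in find_insecure_refs(SAMPLE_CSS):
            print(f"<sample>:{line}: {url}")
    for path in sources:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line, url in find_insecure_refs(fh.read()):
                print(f"{path}:{line}: {url}")
```

Run against a theme file before deployment, any output line marks a resource that a browser will treat as mixed content on an HTTPS page.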
Comment 1 Florian Best univentionstaff 2016-11-25 14:03:32 CET
UCS 4.0 is out of maintenance. This bug has no security impact.