openstack
/
openstack-helm
Code Issues Proposed changes
openstack-helm/horizon/templates
History
Dmitrii Kabanov b8eb8b3581 Horizon: HTTP Verb Tampering vulnerability fix 
The patch fixes the HTTP verb tampering issue. The idea is to disable
unnecessary HTTP methods for the Horizon. You can find a link to
the description [0] and a link to the White Paper [1] below:

CAPEC-274: HTTP Verb Tampering
[0] https://capec.mitre.org/data/definitions/274.html

Bypassing Web Authentication and Authorization with HTTP Verb Tampering
(Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf)
[1] https://dl.packetstormsecurity.net/papers/web/Bypassing_VBAAC_with_HTTP_Verb_Tampering.pdf

Change-Id: I98169973410bc1dce779ac1e870256b9a45d2cc8
 		2018-09-28 12:12:41 -07:00
..
bin Horizon: HTTP Verb Tampering vulnerability fix 2018-09-28 12:12:41 -07:00
configmap-bin.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
configmap-etc.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
deployment.yaml Add release uuid to pods and rc objects 2018-09-13 06:29:14 -05:00
ingress-api.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
job-db-drop.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
job-db-init.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
job-db-sync.yaml Add release uuid to pods and rc objects 2018-09-13 06:29:14 -05:00
job-image-repo-sync.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
pdb.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
secret-db.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
secret-ingress-tls.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
service-ingress.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00
service.yaml Revert "Update OSH Author copyrights to OSF" 2018-08-28 17:25:13 +00:00