Generated alert resolution URL raises untrusted redirect to app server IP address
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Landscape Server | New | Undecided | Unassigned | |
Bug Description
Clicking an active alert in the alert dropdown results in an OOPS message being shown. Investigation of the OOPS message will show that an exception was thrown over an untrusted redirect from the context of the /resolve URI linked in the alert. Instead of the configured root URL or Apache server name being used as the URL hostname segment, the application server's local IP address is used to construct the redirect location. Because Zope is sensitive to the hostname segment to determine trusted redirect locations, this error is thrown and navigation fails.
This issue has appeared in both Juju-deployed HA environments and quickstart deployments as reported in customer support tickets. So far, it appears to impact Landscape Server versions 23.03 and greater.
Information type: Proprietary → Public
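A diagnostic for the failure described in the report, as an added example that is not code from Landscape, Zope or the reporter: it compares the hostname segment of a redirect `Location` with the configured root URL and flags the case where an IP literal appears instead. The function names, the root URL, the addresses and the sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def classify_redirect(root_url, location):
    """Classify a redirect Location against the configured root URL (hostname only)."""
    loc = urlsplit(location)
    if not loc.netloc:
        return "relative"  # no hostname segment, so nothing to compare
    root_host = urlsplit(root_url).hostname or ""
    loc_host = loc.hostname or ""  # urlsplit lower-cases the hostname
    if loc_host == root_host:
        return "trusted"
    try:
        ipaddress.ip_address(loc_host)  # IPv4 or IPv6 literal?
    except ValueError:
        return "untrusted-host"
    # The symptom in the report: a backend address where the root URL
    # hostname was expected.
    return "untrusted-ip-literal"

def audit(root_url, responses):
    """Return (path, location, verdict) for every redirect that is not trusted."""
    findings = []
    for path, status, location in responses:
        if status not in (301, 302, 303, 307, 308) or not location:
            continue
        verdict = classify_redirect(root_url, location)
        if verdict.startswith("untrusted"):
            findings.append((path, location, verdict))
    return findings

# Constructed sample data: root URL, backend address and paths are placeholders.
ROOT_URL = "https://landscape.example.com/"
SAMPLE_RESPONSES = [
    ("/resolve", 302, "http://10.0.3.17:8080/resolve"),        # backend IP leaked
    ("/login", 302, "https://landscape.example.com/account"),  # expected hostname
    ("/logout", 303, "/"),                                      # relative redirect
    ("/status", 200, None),                                     # not a redirect
]

if __name__ == "__main__":
    for path, location, verdict in audit(ROOT_URL, SAMPLE_RESPONSES):
        print(f"{path}: {location} -> {verdict}")
```

Run against redirect responses captured through the front-end proxy, a non-empty result shows which URIs build their `Location` from the backend address rather than the root URL.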