Security: HSTS not enabled on kubernetes and docker ports

Bug #1869526 reported by Ghada Khalil
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Triaged
Low
Andy

Bug Description

Brief Description
-----------------
Nessus scan reports the following low security finding:
HSTS not enabled on kubernetes and docker ports
To address this report, need to enable HSTS for k8s port 6443, docker ports 9001 & 9002

Severity
--------
Minor security concern

Branch/Pull Time/Commit
-----------------------
Tested on stx master

Test Activity
-------------
Security Scan

Tags: stx.security
Ghada Khalil (gkhalil)
description: updated
tags: added: stx.security
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Would be nice to fix in stx.4.0 as this is a security concern

Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
tags: added: stx.4.0
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Andy (andy.wrs)
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Lowering the priority. This is a would-be-nice to fix, but doesn't strictly hold up stx.4.0

Changed in starlingx:
importance: Medium → Low
tags: removed: stx.4.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.