You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@datalab.apache.org by "Vira Vitanska (Jira)" <ji...@apache.org> on 2022/07/25 07:43:00 UTC

[jira] [Updated] (DATALAB-2941) [GCP][AWS]Get rid of vulnerabilities

     [ https://issues.apache.org/jira/browse/DATALAB-2941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vira Vitanska updated DATALAB-2941:
-----------------------------------
    Summary: [GCP][AWS]Get rid of vulnerabilities  (was: [GCP][AWS]Get rid of vulnerabilities with respect to the policy )

> [GCP][AWS]Get rid of vulnerabilities
> ------------------------------------
>
>                 Key: DATALAB-2941
>                 URL: https://issues.apache.org/jira/browse/DATALAB-2941
>             Project: Apache DataLab
>          Issue Type: Task
>      Security Level: Public(Regular Issues) 
>          Components: DataLab Main
>            Reporter: Vira Vitanska
>            Assignee: Leonid Frolov
>            Priority: Minor
>              Labels: AWS, Debian, DevOps, GCP
>
> AWS
> Keycloak production:
> Steps to reproduce:
> 1. Craft the link with payload replacing the value of \{hook} on IP-address of machine you control.
> 2. Paste crafted link in web browser.
> 3. On your controlled machine you can see that connection was successful as shown on the screenshot (in this case burp collaborator was used and you can see callback dns request for our payload).
> ----
> GCP
> Ensure that Google Cloud Storage objects are using a lifecycle configuration for cost management



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@datalab.apache.org
For additional commands, e-mail: dev-help@datalab.apache.org