You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Akshay Sudheer (Jira)" <ji...@apache.org> on 2020/12/16 17:05:00 UTC
[jira] [Updated] (HBASE-25403) Cookie and Referrer policy
vulnerabilities reported by scanner tool
[ https://issues.apache.org/jira/browse/HBASE-25403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Akshay Sudheer updated HBASE-25403:
-----------------------------------
Description:
Vulnerability scanner has reported the following:
1.Cookies with missing, inconsistent or contradictory properties i)cookie without SameSite attribute
Remediation: To ensure that the cookies configuration complies with the applicable standards, Setting Same-Site attribute to Set-Cookie HTTP response header
Plan: Make Same-Site Configurable
2.Insecure Referrer Policy
Remediation: Consider setting Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value
Plan: Make Referrer-Policy header Configurable.
was:
Vulnerability scanner has reported the following:
1.Cookies with missing, inconsistent or contradictory properties i)cookie without SameSite attribute
Remediation: To ensure that the cookies configuration complies with the applicable standards, Setting Same-Site attribute to Set-Cookie[{{}}|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie] HTTP response header
Plan: Make Same-Site Configurable
2.Insecure Referrer Policy
Remediation: Consider setting Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value
Plan: Make Referrer-Policy header Configurable.
> Cookie and Referrer policy vulnerabilities reported by scanner tool
> -------------------------------------------------------------------
>
> Key: HBASE-25403
> URL: https://issues.apache.org/jira/browse/HBASE-25403
> Project: HBase
> Issue Type: Bug
> Components: REST
> Reporter: Akshay Sudheer
> Priority: Minor
>
> Vulnerability scanner has reported the following:
> 1.Cookies with missing, inconsistent or contradictory properties i)cookie without SameSite attribute
> Remediation: To ensure that the cookies configuration complies with the applicable standards, Setting Same-Site attribute to Set-Cookie HTTP response header
> Plan: Make Same-Site Configurable
>
> 2.Insecure Referrer Policy
> Remediation: Consider setting Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value
> Plan: Make Referrer-Policy header Configurable.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)