Posted to dev@datalab.apache.org by "Vira Vitanska (Jira)" <ji...@apache.org> on 2022/07/25 07:42:00 UTC

[jira] [Created] (DATALAB-2941) [GCP][AWS]Get rid of vulnerabilities with respect to the policy

Vira Vitanska created DATALAB-2941:
--------------------------------------

             Summary: [GCP][AWS]Get rid of vulnerabilities with respect to the policy 
                 Key: DATALAB-2941
                 URL: https://issues.apache.org/jira/browse/DATALAB-2941
             Project: Apache DataLab
          Issue Type: Task
      Security Level: Public (Regular Issues)
          Components: DataLab Main
            Reporter: Vira Vitanska
            Assignee: Leonid Frolov


AWS

Keycloak production:
Steps to reproduce:
1. Craft the link with the payload, replacing the value of {hook} with the IP address of a machine you control.
2. Paste the crafted link into a web browser.
3. On your controlled machine you can see that the connection was successful, as shown in the screenshot (in this case Burp Collaborator was used, and you can see the callback DNS request for our payload).
----
GCP
Ensure that Google Cloud Storage objects are using a lifecycle configuration for cost management


