You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Christian Schneider (JIRA)" <ji...@apache.org> on 2017/02/24 08:02:44 UTC

[jira] [Created] (KARAF-4993) Unsecured access to gogo console over web

Christian Schneider created KARAF-4993:
------------------------------------------

             Summary: Unsecured access to gogo console over web
                 Key: KARAF-4993
                 URL: https://issues.apache.org/jira/browse/KARAF-4993
             Project: Karaf
          Issue Type: Bug
          Components: karaf-webconsole
    Affects Versions: 4.1.0
            Reporter: Christian Schneider
            Priority: Blocker
             Fix For: 4.1.1


Start plain karaf 4.1.0

feature:install webconsole http-whiteboard

Acess http://localhost:8181/gogo/
Unsecured access to the gogo console

If I use http://localhost:8181/gogo
NPE http://apaste.info/wQTBD

So it seems like the http whiteboard extender picks up the gogo webconsole plugin.
Thanks to Kevin Schmidt for finding this issue.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)