Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-15978

Limit information returned by api/system/* and api/server/* endpoints for unauthenticated users

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Blocked
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web API
    • Edition:
      Community
    • Production Notes:
      None

      Description

      Some endpoints are returning data that users can consider sensitive, without requiring authentication.

      The data returned by them should instead be limited.

      • For api/system/status: Remove Server ID and Version for unauthenticated users
      • For api/server/version: Require authentication
      • For api/system/upgrades: Require authentication

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              belen.pruvost Belén Pruvost
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated: