[ClusterLabs] Missing or Permissive Content-Security-Policy frameancestors HTTP Response Header in pcsd

S Sathish S s.s.sathish at ericsson.com
Mon May 18 03:25:13 EDT 2020


Hi Team,

We are getting below vulnerable alert while using pcs , we are not using pcs Web UI interface can we know mitigation plan for this.

Plugin ID             :  50344
Plugin Name      : Missing or Permissive Content-Security-Policy frameancestors HTTP Response Header
Port                     : TCP 2224

We have tried disabled Web UI interface and restart pcsd service , Still page is accessible and login page display "PCSD GUI is disabled"

Configuration File :
# cat /etc/sysconfig/pcsd  | grep -i GUI
# Set DISABLE_GUI to true to disable GUI frontend in pcsd
PCSD_DISABLE_GUI=true

Web UI Details :
https://<IP Address>:2224/login<https://%3cIP%20Address%3e:2224/login>
Print " PCSD GUI is disabled"

Can you suggest the way-forward for the same.

Thanks and Regards,
S Sathish S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clusterlabs.org/pipermail/users/attachments/20200518/2e3fa16b/attachment.htm>


More information about the Users mailing list