Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-2014

Jetty Directory Listing on app, assets, components, and scripts

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.6.2
    • Fix Version/s: 0.7.3, 0.8.0
    • Component/s: Core
    • Labels:
    • Environment:

      RHEL

    • Flags:
      Important

      Description

      Security Issue, would not pass my institution's security scanners.
      The Web directory list is made publicly accessible folders by default.
      As a bandaid, I've added code in the daemon shell script to put index html files with a meta refresh in the affected directories.

      It would be nice if this could be configured on the fly with other jetty config with this:
      https://www.eclipse.org/jetty/documentation/9.3.x/override-web-xml.html

      But, a nice hard coded fix would be great in the meantime!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vboginskii Viktor Boginskii
                Reporter:
                IvanX Ian Tyndall
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: