You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
During pen-testing the following issue was identified:
During testing, Synopsys was able to successfully interact and obtain data from several services running within the BitBroker cluster, across multiple namespaces.
Synopsys operated from the position of a compromised container (this was deployed in the default namespace, which at time of testing had no other resources present) and could obtain information from several Redis instances, internal APIs, and even port forward to a container vulnerability scanner present in the cluster whose dashboard did not seem to have any authentication or authorization mechanism present.
During pen-testing the following issue was identified:
This issue is kept here for reference only. There is no intention to fix this right now. Please see the statement about the security profile of these deployment charts. https://github.com/bit-broker/charts/blob/main/INFO.md#security-profile
The text was updated successfully, but these errors were encountered: