When trying to create a service instance, without having an entitlement, the message displayed in the client displays information that appears to be a security risk:
The service broker rejected the request to https://:9293/cf/v2/service_instances/691f1431-6fcd-4cbd-a3fb-d1510f0e675c?accepts_incomplete=true. Status Code: 403 Forbidden, Body:
{"status":403,"message":"Not entitled to create service instance"}
The bug in CAPI has been closed as won't fix, as they don't consider it to be a security concern.
Will proceed to close this bug if there are no objections.
@cloudfoundry-incubator/wg-service-management-service-fabrik-approvers @cloudfoundry-incubator/service-fabrik
Currently the error message displays the IP:port and full path of the service. This seems to be coming from https://github.com/cloudfoundry/cloud_controller_ng/blob/173954d8ed2d2b9624d074ba2b277f7bd47c8432/lib/services/service_brokers/v2/errors/service_broker_request_rejected.rb#L15
How can this information be masked on failure?
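One way to mask the message shape quoted above, as an added example that is not part of the original issue and is not cloud_controller_ng or Service Fabrik code: split the rejection text into a client-safe message and an internal record for server-side logs. The function name `mask_broker_error`, the host `broker.example.internal` and the decision to pass the broker's `message` field through are assumptions.

```ruby
require 'json'
require 'logger'

# Message shape quoted in the issue:
#   The service broker rejected the request to <url>. Status Code: <code> <reason>, Body: <json>
REJECTED_RE = /\AThe service broker rejected the request to (?<url>\S+?)\. Status Code: (?<code>\d{3}) (?<reason>[^,]+), Body:\s*(?<body>.*)\z/m

# Constructed sample; the host name is a placeholder, not a value from the issue.
SAMPLE = 'The service broker rejected the request to ' \
         'https://broker.example.internal:9293/cf/v2/service_instances/' \
         '691f1431-6fcd-4cbd-a3fb-d1510f0e675c?accepts_incomplete=true. ' \
         "Status Code: 403 Forbidden, Body:\n" \
         '{"status":403,"message":"Not entitled to create service instance"}'

# Hypothetical helper: returns [client_message, internal_details].
# The client message never contains the broker URL; the details are for logs only.
def mask_broker_error(raw)
  m = REJECTED_RE.match(raw)
  # Unknown shape: fail closed with a generic message rather than echoing raw text.
  return ['The service broker rejected the request.', { raw: raw }] unless m

  broker_message = begin
    parsed = JSON.parse(m[:body])
    parsed.is_a?(Hash) ? parsed['message'] : nil
  rescue JSON::ParserError
    nil # non-JSON body is kept out of the client message entirely
  end

  client = "The service broker rejected the request. Status Code: #{m[:code]} #{m[:reason]}"
  # Assumption: the broker's own "message" field is safe to show to the user.
  client += ", Message: #{broker_message}" if broker_message.is_a?(String)
  [client, { url: m[:url], status: m[:code].to_i, body: m[:body] }]
end

if __FILE__ == $PROGRAM_NAME
  client, internal = mask_broker_error(SAMPLE)
  Logger.new($stderr).warn("broker rejected request: #{internal}") # operators keep full detail
  puts client                                                      # user sees no host, port or path
end
```
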