Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[v10] Validate token for node join script (#14944)
The token value is provided via the HTTP request and fed into the node join script. This could allow an attacker to generate a node-join script with malicious code included.

Fix this by validating that tokens are valid and exist in the backend.

Additionally, we recently added the ability to specify labels via the node-labels query parameter, which is also user-controlled. Since this functionality was never integrated in the UI, we remove it here and will add an alternative implementation in the future.

Also use single quotes in script to prevent expansion.
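An added example, not code from this commit or from the project: a minimal Go sketch of the pattern the message describes, where a request-supplied token is checked for format and backend existence before it is templated into a single-quoted shell assignment. The token format, `TokenStore`, `RenderJoinScript` and the `JOIN_TOKEN` variable name are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// tokenFormat is an assumed token shape (hex, 16-64 chars); the real format is not on the page.
var tokenFormat = regexp.MustCompile(`^[0-9a-f]{16,64}$`)

// TokenStore is a hypothetical stand-in for the backend token lookup.
type TokenStore map[string]bool

var errBadToken = errors.New("invalid or unknown join token")

// Single-quoted assignment: the shell performs no $(...) or backtick expansion inside '...'.
var joinScript = template.Must(template.New("join").Parse(
	"#!/bin/sh\nJOIN_TOKEN='{{.}}'\n"))

// RenderJoinScript validates the request-supplied token before it reaches the template.
func RenderJoinScript(store TokenStore, token string) (string, error) {
	// Format check first: rejects quotes, spaces, $, backticks and newlines outright.
	if !tokenFormat.MatchString(token) {
		return "", errBadToken
	}
	// Existence check: only tokens the backend issued may produce a script.
	if !store[token] {
		return "", errBadToken
	}
	var sb strings.Builder
	if err := joinScript.Execute(&sb, token); err != nil {
		return "", err
	}
	return sb.String(), nil
}

func main() {
	store := TokenStore{"0123456789abcdef0123456789abcdef": true} // constructed sample token
	for _, tok := range []string{
		"0123456789abcdef0123456789abcdef", // issued
		"ffffffffffffffffffffffffffffffff", // well-formed, not issued
		"abc'; echo injected #",            // constructed malformed value
	} {
		script, err := RenderJoinScript(store, tok)
		fmt.Printf("%q -> err=%v\n%s", tok, err, script)
	}
}
```

Single quotes alone do not protect against a value that itself contains a single quote, which is why the format check runs before the template is executed.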
Showing 4 changed files with 164 additions and 110 deletions.