Famed Retroactive Rewards: Add HTTP Secure Headers #27
Closed. Githubuser60 closed this issue 2 years ago.

Famed bot comment: Assignees for issue Famed Retroactive Rewards: Add HTTP Secure Headers #27 are now eligible to Get Famed.
- ✅ Add assignees to track contribution times of the issue
- ❌ Add a single severity (CVSS) label to compute the score
Reason: The data provided by GitHub is not sufficient to generate a reward suggestion. This might be due to an assignment after the issue has been closed. Please assign assignees in the open state.
UID: CL-2021-24
Severity: low
Type: BUG
Affected Clients: Prysm

Summary: The HTTP responses from the WebUI do not contain secure headers. At a minimum, the WebUI MUST send an X-Frame-Options header so that it is protected against clickjacking. At present the WebUI can be framed by an attacker-controlled page and used to trick users into clicking on controls they cannot see. Other useful headers are described here: https://web.dev/security-headers/

The minimal recommended set: HSTS (Strict-Transport-Security), X-Frame-Options, and X-Content-Type-Options.

Links: prysmaticlabs/prysm-web-ui#178
Reported: 2021-05-20
Fixed: 2021-10-27
Published: 2021-12-01
Bounty Hunter: Taurus
Bounty Points: Part of EF initiated Security Audit: https://arxiv.org/abs/2109.11685
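The following is an added example, not code from Prysm or the prysm-web-ui repository, showing the minimal header set the advisory asks for as an `http.Handler` middleware in Go (the language Prysm is written in), together with the check a reviewer would run against a response to confirm the headers are present. The function names (`secureHeaders`, `MissingSecureHeaders`, `Probe`) and the stub HTML page are assumptions made for the example; the probe runs entirely in memory with `httptest`, so it needs no network.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// secureHeaders wraps an http.Handler and adds the minimal header set the
// advisory recommends (hypothetical middleware, not Prysm's own code).
func secureHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		// Refuse to be framed anywhere: this is the clickjacking fix. A UI
		// that never needs framing should use DENY rather than SAMEORIGIN.
		h.Set("X-Frame-Options", "DENY")
		// Modern equivalent of X-Frame-Options; browsers that understand CSP
		// prefer it, so send both.
		h.Set("Content-Security-Policy", "frame-ancestors 'none'")
		// Stop MIME sniffing so a response is only interpreted as its declared type.
		h.Set("X-Content-Type-Options", "nosniff")
		// Browsers ignore HSTS on plain-HTTP responses, so only emit it when the
		// request actually arrived over TLS.
		if r.TLS != nil {
			h.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		}
		next.ServeHTTP(w, r)
	})
}

// MissingSecureHeaders reports which of the recommended headers are absent or
// carry an unexpected value. expectHSTS says whether the response was served
// over TLS, where Strict-Transport-Security is required.
func MissingSecureHeaders(h http.Header, expectHSTS bool) []string {
	var missing []string
	if v := h.Get("X-Frame-Options"); v != "DENY" && v != "SAMEORIGIN" {
		missing = append(missing, "X-Frame-Options")
	}
	if h.Get("X-Content-Type-Options") != "nosniff" {
		missing = append(missing, "X-Content-Type-Options")
	}
	if expectHSTS && h.Get("Strict-Transport-Security") == "" {
		missing = append(missing, "Strict-Transport-Security")
	}
	return missing
}

// Probe serves a constructed stand-in for the WebUI index page, with or without
// the middleware, and returns the headers the advisory would flag as missing.
func Probe(hardened, overTLS bool) []string {
	ui := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.Write([]byte("<html><body>stub WebUI</body></html>")) // constructed page
	})
	var handler http.Handler = ui
	if hardened {
		handler = secureHeaders(ui)
	}
	req := httptest.NewRequest(http.MethodGet, "http://localhost/", nil)
	if overTLS {
		req.TLS = &tls.ConnectionState{} // simulate a TLS connection in memory
	}
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, req)
	return MissingSecureHeaders(rec.Result().Header, overTLS)
}

func main() {
	fmt.Println("before fix, missing:", Probe(false, true))
	fmt.Println("after fix, missing: ", Probe(true, true))
}
```

Two points a practitioner would check when applying this to a real deployment: the middleware must sit in front of every route (the SPA index, static assets and any API error pages alike), since an attacker only needs one frameable response; and if TLS is terminated by a reverse proxy, `r.TLS` will be nil on the backend, so HSTS should then be set by the proxy or keyed on a trusted forwarding header instead.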