Closed Githubuser60 closed 1 year ago
🤖 Assignees for issue Famed Retroactive Rewards: Add HTTP Secure Headers #28 are now eligible to Get Famed.
✅ Add assignees to track contribution times of the issue 🦸♀️🦹️
✅ Add a single severity (CVSS) label to compute the score 🏷️️
Happy hacking! 🦾💙❤️️
@Githubuser60 - you Got Famed! 💎 Check out your new score here: https://leaderboard.morphysm.com/teams/Githubuser60/famed-demo

| Contributor | Time | Reward |
|---|---|---|
| Githubuser60 | 46s | 9999 POINTS |
UID: CL-2021-24
Severity: low
Type: BUG
Affected Clients: Prysm

Summary: The HTTP responses from WebUI do not contain secure headers. At least, WebUI MUST provide an X-Frame-Options header to be protected against Clickjacking attacks. At present, WebUI can be framed and employed by malicious actors to trick users. Other useful headers are described here: https://web.dev/security-headers/
The minimal recommended set: HSTS, X-Frame-Options, and X-Content-Type-Options

Links: prysmaticlabs/prysm-web-ui#178
Reported: 2021-05-20
Fixed: 2021-10-27
Published: 2021-12-01
Bounty Hunter: Taurus
Bounty Points:
Part of EF initiated Security Audit: https://arxiv.org/abs/2109.11685
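
The minimal set named in the summary, shown as a Go `net/http` middleware together with an in-process check that reports which of the three headers a handler omits. This is an added example, not code from Prysm or prysm-web-ui; the header values, `demoUI`, `SecureHeaders` and `Probe` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Minimal set from the report. The values are assumptions for this example;
// browsers honor HSTS only when the response arrives over HTTPS.
var minimalHeaders = [][2]string{
	{"Strict-Transport-Security", "max-age=31536000; includeSubDomains"},
	{"X-Frame-Options", "DENY"},
	{"X-Content-Type-Options", "nosniff"},
}

// demoUI is a constructed stand-in for a web UI handler that sets no secure headers.
var demoUI = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "<html>constructed stand-in page</html>")
})

// SecureHeaders sets the minimal header set before the wrapped handler writes its response.
func SecureHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, kv := range minimalHeaders {
			w.Header().Set(kv[0], kv[1])
		}
		next.ServeHTTP(w, r)
	})
}

// Probe serves one GET / through h in-process and returns the names of missing headers.
func Probe(h http.Handler) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	var missing []string
	for _, kv := range minimalHeaders {
		if rec.Result().Header.Get(kv[0]) == "" {
			missing = append(missing, kv[0])
		}
	}
	return missing
}

func main() {
	fmt.Println("bare handler missing:   ", Probe(demoUI))
	fmt.Println("wrapped handler missing:", Probe(SecureHeaders(demoUI)))
}
```

A check like `Probe` fits in a handler unit test, so a route added later without the middleware fails the build instead of shipping frameable.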