appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
33.96k stars 3.66k forks

[Bug]: [Helm] Setting a MongoDB root password doesn't set the depending mongodb chart values #26552

Open rhuanbarreto opened 1 year ago

rhuanbarreto commented 1 year ago

Is there an existing issue for this?

Description

Having password as a default MongoDB root password is a critical security flaw in the Appsmith Business Helm Chart. So we need to change it to something safer.

When I deploy the Appsmith Business Helm Chart setting the value mongodb.auth.rootPassword, this is only propagated to the Appsmith instance in the ConfigMap; the deployed MongoDB doesn't receive this configuration, which causes the deployment to fail.

Steps To Reproduce

  1. Deploy the Appsmith Business Helm Chart setting the value mongodb.auth.rootPassword
  2. Deployment will fail

Public Sample App

No response

Environment

Production

Issue video log

No response

Version

Self Hosted Business Helm Chart Version 3.0.4

rhuanbarreto commented 1 year ago

Hi @pratapaprasanna, any updates? Do you have any timeframe for this fix to come? This is a critical security issue.

pratapaprasanna commented 1 year ago

Hi @rhuanbarreto, can you elaborate on the steps to replicate the issue?

Upon deploying Appsmith along with Mongo, did you try to exec into the Mongo pod and log in to the DB with the password?

rhuanbarreto commented 1 year ago

Investigating further in the template, if I set mongodb.auth.rootPassword, the ConfigMap doesn't pass a local URL to the Appsmith pod in order to be run.

rhuanbarreto commented 7 months ago

Just checking in here. Any updates, @sharat87 @Nikhil-Nandagopal @pratapaprasanna?

pratapaprasanna commented 7 months ago

Hey @rhuanbarreto, can you please schedule a call using this link to understand the issue better?