some platform requests failing.
one that jumped out was for clinicalSubmissionSystemDisabled query
most errors we return an internal server error with minimal detail (as it should be)
this one we're returning way too much internal info in the response (domain, open port and db info - thankfully just that it's mongo but still narrows down potential exploit):
"message": "{\"error\":\"MongoNetworkTimeoutError\",\"message\":\"connection 707 to clinical-db-mongodb-primary-0.clinical-db-mongodb-headless.argo-dev.svc.cluster.local:27017 timed out\"}",
I don't imagine this happens in prod but I can verify.
some platform requests failing. one that jumped out was for
clinicalSubmissionSystemDisabled
query most errors we return an internal server error with minimal detail (as it should be) this one we're returning way too much internal info in the response (domain, open port and db info - thankfully just that it's mongo but still narrows down potential exploit):"message": "{\"error\":\"MongoNetworkTimeoutError\",\"message\":\"connection 707 to clinical-db-mongodb-primary-0.clinical-db-mongodb-headless.argo-dev.svc.cluster.local:27017 timed out\"}",
I don't imagine this happens in prod but I can verify.Slack Message