openbmc / bmcweb

A do everything Redfish, KVM, GUI, and DBus webserver for OpenBMC
Apache License 2.0

Security: BMCWEB_ENABLE_DBUS_REST=ON enables information leak #114

Closed feistjj closed 2 years ago

feistjj commented 4 years ago

REST D-Bus allows lower-privileged users to gain access to privileged information by direct D-Bus access. The default of this should be disabled.

feistjj commented 4 years ago

https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/29344 closes this issue