GUI accepts all defined IPs and NOT only the GUI addresses
Activity

Louis February 4, 2022 at 8:23 AM
I did work around the problem by:
redefining the VLAN and its addresses
removing those addresses from the GUI
deleting the VLAN

Louis February 4, 2022 at 8:12 AM
The problem is related to an old interface which does not exist any more. In the past I did define multiple VLANs to separate storage from management.
However, since TrueNAS cannot really handle multiple VLANs in relation to the host application, I removed the second VLAN (vlan10, with addresses 192.168.10.xx).
So there must be a leftover in the config db which makes the GUI think that it is still bound to that no longer existing address, with the result that it allows every address!

Caleb February 3, 2022 at 11:47 PM
I cannot reproduce this on nightlies of SCALE or TrueNAS 13 nightlies. Once the webservice has been restarted, the webUI is no longer accessible on the other IPs.

Louis February 2, 2022 at 7:53 PM
Here is the config as saved a few minutes ago

Louis February 2, 2022 at 7:46 PM (Edited)
and I just re-saved the settings, no problem

I just noticed that the TrueNAS Core GUI (I did not check SCALE) is listening / reacting on all defined IPv4 and IPv6 addresses and not just the addresses selected for the GUI (in System / General).
This is a severe security issue, of course.
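
One way to check for the condition reported in this ticket, as an added example that is not part of the original ticket or of TrueNAS: probe the web UI port on every address the host has and report those that answer without being selected for the GUI. The address lists, port 443 and all function names are assumptions; the sample addresses are constructed.

```python
import ipaddress
import socket


def accepts_tcp(addr, port, timeout=2.0):
    """Return True if a TCP connection to addr:port is accepted."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        # Refused, unreachable or timed out: nothing answers there.
        return False


def unexpected_gui_addresses(host_addrs, gui_addrs, port=443, probe=accepts_tcp):
    """List host addresses where the web UI port answers although the
    address is not among those selected for the GUI.

    host_addrs: every IPv4/IPv6 address configured on the host
    gui_addrs:  the addresses selected for the GUI (System / General)
    """
    # Compare parsed addresses, not strings, so that different spellings
    # of the same IPv6 address are treated as equal.
    allowed = {ipaddress.ip_address(a) for a in gui_addrs}
    findings = []
    for raw in host_addrs:
        ip = ipaddress.ip_address(raw)
        if ip in allowed:
            continue  # the UI is expected to answer here
        if probe(str(ip), port):
            findings.append(str(ip))
    return findings


if __name__ == "__main__":
    # Constructed sample values; replace with the host's real addresses.
    host_addrs = ["192.168.1.20", "192.168.10.20", "fd00::20"]
    gui_addrs = ["192.168.1.20"]
    for addr in unexpected_gui_addresses(host_addrs, gui_addrs):
        print(f"web UI answers on non-GUI address {addr}")
```

An empty result after restarting the web service matches the behaviour Caleb describes; any address printed is one the GUI should not be serving.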