s-seitz opened a new issue #5749:
URL: https://github.com/apache/cloudstack/issues/5749
<!--
Verify first that your issue/request is not already reported on GitHub.
Also test if the latest release and main branch are affected too.
Always add information AFTER of these HTML comments, but no need to delete
the comments.
-->
##### ISSUE TYPE
* Improvement Request
##### COMPONENT NAME
UI
~~~
~~~
##### CLOUDSTACK VERSION
4.16
~~~
~~~
##### CONFIGURATION
any
##### OS / ENVIRONMENT
any
##### SUMMARY
The UI tries to get a gravatar Image for each username in listUsers, which
potentially compromises the audit trail of CS Installations in DIN EN ISO/IEC
27001-required environments.
##### STEPS TO REPRODUCE
Login into CS, and follow the requests, using the built-in
Web-Developer-Tools of Firefox or Chrome.
~~~
~~~
<!-- You can also paste gist.github.com links for larger files -->
##### EXPECTED RESULTS
No request to any external ressource.
~~~
~~~
##### ACTUAL RESULTS
The current CS UI tries to fetch an image from gravatar.com and compromises
a private Infrastructure by exposing referrer and email-address of any listUser.
~~~
~~~
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
