An internal IP address was returned within the response HTML. While not always visible in the rendered HTML, it was visible within the HTML source.
- is blocked by
-
ST-169 Internal IP revealed-related to ST-107
-
- Closed
-
| Field | Original Value | New Value |
|---|---|---|
| Status | New Request [ 10029 ] | Pending for Approval [ 10002 ] |
| Status | Pending for Approval [ 10002 ] | Approved for Development [ 10003 ] |
| Assignee | Niteen Surwase [ niteen.surwase ] |
| Status | Approved for Development [ 10003 ] | In Development [ 10007 ] |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
| Assignee | Niteen Surwase [ niteen.surwase ] | Amit Gude [ amitg ] |
| Sprint | ST Sprint 1 [ 1 ] |
| Rank | Ranked higher |
Assigning to Zeeshan
| Assignee | Amit Gude [ amitg ] | Zeeshan Chishty [ zeeshan.chishty ] |
Zeeshan Chishty (Inactive)
made changes -
| Attachment | Internal IP revealed.jpg [ 16153 ] |
Zeeshan Chishty (Inactive)
added a comment - Not Verified as Internal IP addresses was revealed in error response to Employee Feedback file upload and sent mail.
But when tested in Praetorian Identified vulnerable response the issue is fixed for below page.
/BenAdmin/UserDetails/UserDetails/IncompleteEnrollmentNotification
Zeeshan Chishty (Inactive)
added a comment - Not Verified as Internal IP addresses was revealed in error response to Employee Feedback file upload and sent mail.
But when tested in Praetorian Identified vulnerable response the issue is fixed for below page.
/BenAdmin/UserDetails/UserDetails/IncompleteEnrollmentNotification Zeeshan Chishty (Inactive)
made changes -
| Status | Local Testing [ 10200 ] | Reopen in Local [ 10018 ] |
| Issue Importance | Must Have [ 11800 ] |
Zeeshan Chishty (Inactive)
made changes -
| Assignee | Zeeshan Chishty [ zeeshan.chishty ] | Niteen Surwase [ niteen.surwase ] |
Zeeshan Chishty (Inactive)
made changes -
| Labels | Security |
Zeeshan Chishty (Inactive)
made changes -
| Module | Parent values: BenAdmin(10100) | Parent values: BenAdmin(10100)Level 1 values: Security(10112) |
| Assignee | Niteen Surwase [ niteen.surwase ] | Zeeshan Chishty [ zeeshan.chishty ] |
| Status | Reopen in Local [ 10018 ] | In Development [ 10007 ] |
We were not able to reproduce this issue. So, please approve implemented issue for stage
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
Zeeshan Chishty (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) |
Zeeshan Chishty (Inactive)
made changes -
| Status | Local Testing [ 10200 ] | Pending for Stage Approval [ 10300 ] |
Hi Rakesh Roy We can close this ticket as we are not able to reproduce this issue.
When tested in Praetorian Identified vulnerable response page the issue is fixed and no internal IP is revealed.
Zeeshan Chishty (Inactive)
added a comment - Hi Rakesh Roy We can close this ticket as we are not able to reproduce this issue.
When tested in Praetorian Identified vulnerable response page the issue is fixed and no internal IP is revealed. Zeeshan Chishty (Inactive)
made changes -
| Assignee | Zeeshan Chishty [ zeeshan.chishty ] | Rakesh Roy [ rakeshr ] |
| Assignee | Rakesh Roy [ rakeshr ] | Deepali Tidke [ deepalit ] |
as per above comments closing this ticket
| Item State | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) | Parent values: Production Complete(10222)Level 1 values: Closed(10223) |
| Status | Pending for Stage Approval [ 10300 ] | Approved for Stage [ 10030 ] |
| Status | Approved for Stage [ 10030 ] | Stage Testing [ 10201 ] |
| Status | Stage Testing [ 10201 ] | Pending for Production Approval [ 10301 ] |
| Status | Pending for Production Approval [ 10301 ] | Approved for production [ 10034 ] |
| Status | Approved for production [ 10034 ] | Production Testing [ 10202 ] |
| Resolution | Fixed [ 1 ] | |
| Status | Production Testing [ 10202 ] | Production Complete [ 10028 ] |
| Status | Production Complete [ 10028 ] | Closed [ 6 ] |
| Item State | Parent values: Production Complete(10222)Level 1 values: Closed(10223) | Parent values: LB QA(10201) |
| Item State | Parent values: LB QA(10201) | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) |
Make it ready for stage for implemented change.
For more discussion approach me.
| Developer | Niteen Surwase [ niteen.surwase ] |
Kindly discuss with Niteen for more details
| Assignee | Deepali Tidke [ deepalit ] | Kunal Kedari [ kunal.kedari ] |
Kunal Kedari (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) | Parent values: LB QA(10201)Level 1 values: In Testing(10210) |
Hi Niteen Surwase,
We have verified the mentioned change on local (wt-stage), we inspected the mentioned pages and check whether internal IP is displaying anywhere. After fix internal IP address is not displaying anywhere. Along with this we have also perform sanity testing for mentioned pages as well, no issue found during sanity. We can deploy the change to Stage.
Kunal Kedari (Inactive)
added a comment - Hi Niteen Surwase ,
We have verified the mentioned change on local (wt-stage), we inspected the mentioned pages and check whether internal IP is displaying anywhere. After fix internal IP address is not displaying anywhere. Along with this we have also perform sanity testing for mentioned pages as well, no issue found during sanity. We can deploy the change to Stage. Kunal Kedari (Inactive)
made changes -
| Item State | Parent values: LB QA(10201)Level 1 values: In Testing(10210) | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) |
| Item State | Parent values: LB QA(10201)Level 1 values: Ready for Stage(10213) | Parent values: Production Complete(10222)Level 1 values: Closed(10223) |
| Link | This issue relates to DEV-13718 [ DEV-13718 ] |
| Transition | Time In Source Status | Execution Times |
|---|
|
1m 3s | 1 |
|
3s | 1 |
|
11d 23h 41m | 1 |
Zeeshan Chishty (Inactive)
made transition
-
|
21d 1h 33m | 1 |
|
56d 1h 24m | 1 |
|
10d 20h 57m | 2 |
Zeeshan Chishty (Inactive)
made transition
-
|
2d 18h 30m | 1 |
|
3d 4h 25m | 1 |
|
2s | 1 |
|
5s | 1 |
|
2s | 1 |
|
2s | 1 |
|
12s | 1 |
|
2s | 1 |
In earlier scenarios Server IPs were visible in following files. This is resolved in this ticket.
Please check following File Paths :
1. AddXpress Company module - Upload logo and check for IP by inspecting logo.
2. ConfigureLandingPage - Upload Image and check for IP by inspecting Image.
3. IncompleteEnrollmentNotifications - Upload File and check for IP by inspecting file link.