
SlipsWeb exposes ports on 0.0.0.0 #1940

Description

@AlyaGomaa

Security audit findings

  • SlipsWeb/app.py runs on 0.0.0.0:8000 when started directly.
  • SlipsWeb/config/medallion_config.json binds Medallion to 0.0.0.0:1234.
  • SlipsWeb/app.py uses debug=True.
  • 1234/tcp: Medallion/TAXII server in SlipsWeb, all interfaces by default.
  • 5000/tcp: flask run default in SlipsWeb container entrypoint.
  • 8000/tcp: direct python SlipsWeb/app.py.
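
A check for the app.py and JSON config findings above, as an added example that is not part of the original issue or the Slips code base. The sample source, the sample config layout (a `taxii.host` key) and the function names are assumptions constructed for illustration.

```python
import ast
import json

WILDCARDS = {"0.0.0.0", "::"}  # addresses that mean "all interfaces"

# Constructed samples; the real files may be laid out differently.
SAMPLE_APP = '''
from flask import Flask
app = Flask(__name__)
if __name__ == "__main__":
    app.run(host="0.0.0.0", port=8000, debug=True)
'''
SAMPLE_CONFIG = '{"taxii": {"host": "0.0.0.0", "port": 1234}}'

def audit_flask_source(source):
    """Return (line, finding) for .run(...) calls that bind all interfaces or enable debug."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            continue
        for kw in node.keywords:
            if not isinstance(kw.value, ast.Constant):
                continue  # only literal arguments can be judged statically
            if kw.arg == "host" and kw.value.value in WILDCARDS:
                findings.append((node.lineno, "binds all interfaces"))
            if kw.arg == "debug" and kw.value.value is True:
                findings.append((node.lineno, "debug=True"))
    return findings

def audit_json_config(text):
    """Return JSON paths whose string value is a wildcard bind address."""
    hits = []
    def walk(value, path):
        if isinstance(value, dict):
            for key, child in value.items():
                walk(child, f"{path}.{key}")
        elif isinstance(value, list):
            for index, child in enumerate(value):
                walk(child, f"{path}[{index}]")
        elif isinstance(value, str) and value in WILDCARDS:
            hits.append(path)
    walk(json.loads(text), "$")
    return hits

if __name__ == "__main__":
    print(audit_flask_source(SAMPLE_APP))
    print(audit_json_config(SAMPLE_CONFIG))
```

Run against the real files in CI, a non-empty result from either function can fail the build until the bind address is set to a loopback or otherwise restricted interface and debug mode is off.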
