Executables are allowed to be uploaded through 3Scale WebUI

Solution Unverified - Updated -

Issue

Image file uploads in the 3scale console allow executable files (.exe, .dll) to be transferred to the server. This violates a security directive for most customers.

In the "Logo edit" section of the web UI, any file can be uploaded, not just the expected image files (.jpg, .jpeg, .png, .gif).
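
The kind of server-side check the "Logo edit" upload is missing, as an added example (not 3scale code and not Red Hat's resolution for this issue). It goes one step beyond the extension list above by also requiring the file's leading bytes to match the claimed image type; the function name, constants and sample uploads are hypothetical.

```ruby
# Added example: allowlist check for a logo upload. Names are hypothetical.

# Extensions the article lists as expected, mapped to an image kind.
ALLOWED_EXTENSIONS = {
  ".jpg" => :jpeg, ".jpeg" => :jpeg, ".png" => :png, ".gif" => :gif
}.freeze

# Leading bytes (file signatures) for each permitted image kind.
SIGNATURES = {
  jpeg: ["\xFF\xD8\xFF".b],
  png:  ["\x89PNG\r\n\x1A\n".b],
  gif:  ["GIF87a".b, "GIF89a".b]
}.freeze

# Returns [accepted, reason]. Filename and content must agree on the same
# allowed image kind; everything else is rejected by default. This checks
# the header only and does not parse the full image.
def check_logo_upload(filename, content)
  raw = filename.to_s
  return [false, "filename contains a NUL byte"] if raw.include?("\0")

  ext = File.extname(File.basename(raw)).downcase
  kind = ALLOWED_EXTENSIONS[ext]
  return [false, "extension #{ext.inspect} is not an allowed image type"] unless kind

  head = content.to_s.b
  unless SIGNATURES[kind].any? { |sig| head.start_with?(sig) }
    detail = head.start_with?("MZ".b) ? " (DOS/PE executable header found)" : ""
    return [false, "content is not a #{kind} image#{detail}"]
  end
  [true, "ok"]
end

# Constructed sample uploads: leading bytes only, not complete files.
SAMPLES = {
  "logo.png"     => "\x89PNG\r\n\x1A\n".b + "\0" * 8,
  "logo.JPG"     => "\xFF\xD8\xFF\xE0".b + "\0" * 8,
  "setup.exe"    => "MZ".b + "\0" * 8,
  "helper.dll"   => "MZ".b + "\0" * 8,
  "logo.png.exe" => "\x89PNG\r\n\x1A\n".b,
  "renamed.png"  => "MZ".b + "\0" * 8 # executable renamed to .png
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, bytes|
    ok, reason = check_logo_upload(name, bytes)
    puts format("%-14s %-7s %s", name, ok ? "ACCEPT" : "REJECT", reason)
  end
end
```
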

Environment

  • 3scale 2.5 and previous versions
  • OpenShift 3.11
