[XPORTERCLOUD-2244] AMS-22141 - Xporter has failed the caching security requirement - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Xporter Cloud v2.1
Component/s: Bug Bounty Program, Security
Labels:
None

Requirement Status:
OK
- 1

Description

Xporter has failed the Application security requirement 7.3

An application must disable caching on all HTTPS pages that contain sensitive data by using no-cache and no-storeinstead of private in the cache control header.

Evidence:
The HTTP response was found to contain no Cache-Control header. An example response below shows no Cache-Control header returned by the server. This was to the /auditlogs endpoint.

Mitigation Recommendation
Ensure the application disable caching on all HTTPS pages that contain sensitive data by using no-cache and no-store instead of private in the cache control header.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

e9ad36c4-5de6-40ae-bb67-2d8ce4089d25.png
96 kB
10/Jul/24 11:05 AM

Issue Links

links to

AMS-22141

Activity

People

Assignee:: Nikhil Diwan

Reporter:: Bernardo Cottim

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Due:: 06/Aug/24

Created:: 10/Jul/24 11:06 AM

Updated:: 3 days ago 9:52 AM

Resolved:: 06/Aug/24 3:53 PM

OKR_StartDate:: 11/Jul/24