After I upgraded the elastic stack to 8.6.0 and carried out a vulnerability scan on Kibana using the microfocus tool, there were vulnerabilities as follows:
I have made changes to the Kibana configuration, namely changing
Cache-Control: "no-cache, no-store"
but that does not solve the problem, this vulnerability is still detected in the next scan.
Please suggest me any solution to rectify this.
Kibana uses the following
Cache-Control directives to ensure that content is not cached:
Cache-Control: private, no-cache, no-store, must-revalidate
Static assets like script files (which do not contain any user data) should be cached by the browser for improved performance and use the following directive:
I can't verify which directives your scanner is picking up since you haven't posted those details but if that's not what you're getting you might have an upstream proxy or load balancer interfering with the header.
Thank you for your response,
The following is an attachment of the VA scan results in more detail.
Based on the image I attached, do I have to change the configuration to "private, no-store"?
I can see from the report that the scanner has made a request to
https://centrallogs-uat.danamon.co.id/translations/en.json. This is a static asset (english language bundle) and does not contain any user data. As such this file is safe to cache by browsers and you can safely ignore this warning.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.