Guest

Preview Tool

Cisco Bug: CSCvu26633 - Insecure Headers

Last Modified

Jun 24, 2020

Products (1)

  • Cisco Webex Teams

Known Affected Releases

unspecified

Description (partial)

Symptom:
This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.  

The Cisco Webex Control Hub contains a CSP (Content Security Policy) that allows external websites to include content within the same-origin domain of the Cisco Webex Control Hub. As a result, there exists the potential to include untrusted content inline within the Cisco Webex Control Hub site.
 
The Cisco Webex Control Hub may consider changing the settings to not allow 'unsafe-eval' as a defense in depth measure.

Conditions:
Device running with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.