Finding ID: SEC-019
Location: docker/supervisord.conf
CVSS: 5.0
The supervisord configuration includes an XML-RPC interface ([rpcinterface:supervisor]) which, if an inet_http_server is added without auth, could expose unauthenticated process control.
Impact: Remote management of supervisor processes if exposed.
Remediation (short): Remove inet_http_server or bind it to 127.0.0.1 and require authentication.
Reference: SECURITY_REVIEW.md
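A check for the condition described in this finding, as an added example (not code from the reviewed project): it parses a supervisord.conf and reports an [inet_http_server] that is not bound to loopback or has no credentials. The function name audit_inet_http_server and the three sample configurations are constructed for illustration, and the credentials are placeholders.

```python
import configparser

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_inet_http_server(conf_text):
    """Return findings for [inet_http_server] in a supervisord.conf string."""
    cp = configparser.RawConfigParser(strict=False, inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    if not cp.has_section("inet_http_server"):
        return []  # no TCP listener defined, so the XML-RPC interface is not on the network
    sec = cp["inet_http_server"]
    findings = []
    port = sec.get("port", "").strip()
    # supervisor treats "9001", ":9001" and "*:9001" as "listen on all interfaces"
    host = port.rsplit(":", 1)[0].strip("[]").lower() if ":" in port else ""
    if host not in LOOPBACK:
        findings.append(f"listener not bound to loopback (port={port!r})")
    if not sec.get("username", "").strip() or not sec.get("password", "").strip():
        findings.append("no username/password set: unauthenticated XML-RPC")
    return findings

# Constructed sample: the state the finding describes (RPC interface, no TCP listener).
BASELINE = """\
[supervisord]
nodaemon=true

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
"""

# Constructed sample: the risky addition the finding warns about.
EXPOSED = BASELINE + """
[inet_http_server]
port = *:9001 ; all interfaces, no credentials
"""

# Constructed sample: the remediation (loopback bind plus authentication).
HARDENED = BASELINE + """
[inet_http_server]
port = 127.0.0.1:9001
username = PLACEHOLDER_USER
password = PLACEHOLDER_PASSWORD
"""

if __name__ == "__main__":
    for name, conf in (("baseline", BASELINE), ("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_inet_http_server(conf) or "ok")
```

Run against docker/supervisord.conf in CI, a non-empty result can fail the build before an exposed listener reaches an image.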