How to Fix the Unauthorized Access Vulnerability of Swagger API Detected on Port 2379 of PD Node in TiDB 4.0.7?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: tidb4.0.7版本的pd节点2379端口安全扫描报Swagger API 未授权访问漏洞,如何修复?

| username: TiDBer_w08YopmM

The security scan of the 2379 port on the PD node of TiDB version 4.0.7 reports an unauthorized access vulnerability in the Swagger API. How can this be fixed?

| username: WalterWj

The methods are scaling PD, switching ports, or adding a firewall.

| username: zhanggame1

Medium risk does not need to be fixed.

| username: Fly-bird

For the requirements of Level 3 protection, you can add a firewall to allow only internal cluster access and restrict through IP policies.

| username: 像风一样的男子

Yellow indicates a medium risk, not a mandatory fix.

| username: zxgaa

It can also be left unfixed, or you can add ACL policies to restrict the IP range, thereby reducing the risk level.

| username: tidb菜鸟一只

There is currently no option to disable this separately. You can restrict the port to prevent machines other than TiDB from accessing it.
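
The IP allowlist that several replies suggest for port 2379, as an added example that is not part of any post in this thread: a POSIX shell script that prints (without applying) iptables commands accepting the port only from listed sources and dropping everything else. The function names, the loopback rule and all addresses are assumptions made for illustration; the allowlist must contain every host that legitimately talks to PD.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables commands that limit a PD
# client port to an allowlist. Every address below is a constructed sample.

# is_uint STR: succeeds if STR is a non-empty run of decimal digits.
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# valid_source ADDR: succeeds for a dotted-quad IPv4 address or IPv4 CIDR.
valid_source() {
    vs_ip=${1%%/*}
    case $1 in */*) vs_len=${1#*/} ;; *) vs_len=32 ;; esac
    is_uint "$vs_len" && [ "$vs_len" -le 32 ] || return 1
    case $vs_ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    vs_ifs=$IFS; IFS=.; set -- $vs_ip; IFS=$vs_ifs
    [ $# -eq 4 ] || return 1
    for vs_octet in "$@"; do
        [ "$vs_octet" -le 255 ] || return 1
    done
}

# pd_port_rules PORT SOURCE...: validates everything first, then prints
# ACCEPT for loopback and each unique source, and a final DROP for the rest.
pd_port_rules() {
    pr_port=$1
    is_uint "$pr_port" && [ "$pr_port" -ge 1 ] && [ "$pr_port" -le 65535 ] ||
        { echo "invalid port: $pr_port" >&2; return 2; }
    shift
    [ $# -gt 0 ] ||
        { echo "empty allowlist: refusing to emit a bare DROP" >&2; return 2; }
    for pr_src in "$@"; do
        valid_source "$pr_src" ||
            { echo "invalid source: $pr_src" >&2; return 2; }
    done
    pr_seen=" "
    echo "iptables -A INPUT -i lo -p tcp --dport $pr_port -j ACCEPT"
    for pr_src in "$@"; do
        case $pr_seen in *" $pr_src "*) continue ;; esac  # skip duplicates
        pr_seen="$pr_seen$pr_src "
        echo "iptables -A INPUT -p tcp -s $pr_src --dport $pr_port -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $pr_port -j DROP"
}

# Constructed allowlist: three cluster hosts (one repeated) and one subnet.
pd_port_rules 2379 10.0.1.11 10.0.1.12 10.0.1.11 10.0.2.0/24
```

Because `-A` appends, an ACCEPT for port 2379 that already sits earlier in the INPUT chain would still match first, so compare the printed rules with the existing chain before applying them.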