Bug 1541402 (CVE-2018-1000060)
Field | Value
---|---
Summary: | CVE-2018-1000060 sensu: Password exposure in warn level log when configured for multiple rabbitMQ connections
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Pedro Sampaio <psampaio>
Assignee: | Red Hat Product Security <security-response-team>
CC: | apevec, chrisw, dmacpher, gmollett, jbadiapa, jjoyce, jschluet, kbasil, lars, lhh, lpeer, markmc, mburns, mmagr, mrunge, rbryant, rmccabe, sclewis, security-response-team, slinaber, tdecacqu
Keywords: | Security
Doc Type: | If docs needed, set a value
Doc Text: | Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text.
Last Closed: | 2019-06-08 03:39:03 UTC
Bug Depends On: | 1541825, 1541826, 1541827
Bug Blocks: | 1541404

Description
Pedro Sampaio
2018-02-02 13:49:27 UTC
This issue affects the versions of sensu as shipped with Red Hat OpenStack Platform versions 7 through 12. Versions 7 through 9 were released as a technical preview without support and will not be fixed.

The issue is public on the upstream git repository.

https://github.com/sensu/sensu/issues/1804

Acknowledgments:

Name: Debashis Pradhan (Huawei Technologies)

External References:

https://sensuapp.org/docs/1.2/overview/changelog.html#core-v1-2-1-changes

This issue has been addressed in the following products:

Red Hat OpenStack Platform 12.0 Operational Tools for RHEL 7

Via RHSA-2018:0616 https://access.redhat.com/errata/RHSA-2018:0616

This issue has been addressed in the following products:

Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7

Via RHSA-2018:1112 https://access.redhat.com/errata/RHSA-2018:1112

This issue has been addressed in the following products:

Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7

Via RHSA-2018:1606 https://access.redhat.com/errata/RHSA-2018:1606
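
The class of flaw named in the Doc Text, shown as an added Ruby illustration that is not Sensu's code and not part of this bug report. It assumes that multiple RabbitMQ connections are configured as a list of connection hashes and that the incomplete redactor descends into hashes but not arrays; the key list, function names, hosts and secret are constructed for the example.

```ruby
# Added illustration only; not taken from Sensu. All names and values are constructed.
SENSITIVE_KEYS = %w[password passwd pass api_key secret].freeze
REDACTED = "REDACTED"
SECRET = "s3cret-constructed"

# Incomplete redactor (assumed shape of the flaw): recurses into nested
# hashes only, so hashes that sit inside an array are returned untouched.
def redact_hashes_only(obj, keys = SENSITIVE_KEYS)
  return obj unless obj.is_a?(Hash)
  obj.each_with_object({}) do |(k, v), out|
    out[k] = keys.include?(k.to_s) ? REDACTED : redact_hashes_only(v, keys)
  end
end

# Hardened redactor: walks hashes and arrays to any depth and returns a
# redacted copy, leaving the live configuration unmodified.
def redact_deep(obj, keys = SENSITIVE_KEYS)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), out|
      out[k] = keys.include?(k.to_s) ? REDACTED : redact_deep(v, keys)
    end
  when Array
    obj.map { |item| redact_deep(item, keys) }
  else
    obj
  end
end

# True if the secret value survives anywhere in the structure.
def leaked?(obj, secret)
  case obj
  when Hash  then obj.values.any? { |v| leaked?(v, secret) }
  when Array then obj.any? { |v| leaked?(v, secret) }
  else obj == secret
  end
end

# Constructed sample settings: one connection (hash) vs. several (array of hashes).
SINGLE = { rabbitmq: { host: "mq1.example.test", user: "sensu", password: SECRET } }.freeze
MULTI  = { rabbitmq: [
  { host: "mq1.example.test", user: "sensu", password: SECRET },
  { host: "mq2.example.test", user: "sensu", password: SECRET }
] }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "hash-only, single: leaked=#{leaked?(redact_hashes_only(SINGLE), SECRET)}"
  puts "hash-only, multi:  leaked=#{leaked?(redact_hashes_only(MULTI), SECRET)}"
  puts "deep, multi:       leaked=#{leaked?(redact_deep(MULTI), SECRET)}"
end
```

A regression test for any log redactor should include a secret placed inside an array of hashes, since a single-connection fixture passes with both versions.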