Bug 1767789
| Summary: | Passwords stored in variables(extra_vars) are visible in clear text in the Appliance evm.log | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Satoe Imaishi <simaishi> |
| Component: | Appliance | Assignee: | Nick LaMuro <nlamuro> |
| Status: | CLOSED ERRATA | QA Contact: | Jaroslav Henner <jhenner> |
| Severity: | high | Docs Contact: | Red Hat CloudForms Documentation <cloudforms-docs> |
| Priority: | high | ||
| Version: | 5.10.6 | CC: | abellott, akarol, dmetzger, gekis, lufu, mshriver, nlamuro, obarenbo, sbulage |
| Target Milestone: | GA | Keywords: | ZStream |
| Target Release: | 5.11.1 | Flags: | simaishi:
cfme-5.11.z+
|
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 5.11.1.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1752033 | Environment: | |
| Last Closed: | 2019-12-13 00:35:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1752033 | ||
| Bug Blocks: | |||
|
Comment 2
CFME Bot
2019-11-01 19:32:46 UTC
New commit detected on ManageIQ/manageiq-automation_engine/ivanchuk: https://github.com/ManageIQ/manageiq-automation_engine/commit/2192b305ceed4985a1350b0a9301f127395a8179 commit 2192b305ceed4985a1350b0a9301f127395a8179 Author: Greg McCullough <gmccullo> AuthorDate: Wed Sep 18 16:12:35 2019 -0400 Commit: Greg McCullough <gmccullo> CommitDate: Wed Sep 18 16:12:35 2019 -0400 Merge pull request #371 from lfu/clean_up_message_1752033 Mask the password value in logs. (cherry picked from commit 4be2d0a9edf5d5bf9cb7c91a72aa0f36f0c4b2ef) https://bugzilla.redhat.com/show_bug.cgi?id=1767789 lib/miq_automation_engine/engine/miq_ae_engine.rb | 4 +- 1 file changed, 2 insertions(+), 2 deletions(-) New commit detected on ManageIQ/manageiq-providers-ansible_tower/ivanchuk: https://github.com/ManageIQ/manageiq-providers-ansible_tower/commit/4145843d9c92ad1f2fe90e27128cf44e7a5a882b commit 4145843d9c92ad1f2fe90e27128cf44e7a5a882b Author: Nick LaMuro <nicklamuro> AuthorDate: Tue Sep 24 12:32:30 2019 -0400 Commit: Nick LaMuro <nicklamuro> CommitDate: Tue Sep 24 12:32:30 2019 -0400 [ivanchuk][event_parser.rb] Filter out extra_vars data Since we can't be sure if there is sensitive data in there, it is better to just filter this out in the logs. Hopefully this data isn't being used anywhere when parsing `job_create` events... This is the `ivanchuk` backport of the following PR: https://github.com/ManageIQ/manageiq-providers-ansible_tower/pull/193 With the proper code changes done the first time... Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1767789 app/models/manageiq/providers/ansible_tower/shared/automation_manager/event_parser.rb | 8 +- 1 file changed, 7 insertions(+), 1 deletion(-) Verified Version: 5.11.1.1.20191122174937_707df01 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:4201 |